]> git.ipfire.org Git - thirdparty/systemd.git/blob - src/core/load-fragment.c
projects / thirdparty / systemd.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
tree-wide: always drop unnecessary dot in path
[thirdparty/systemd.git] / src / core / load-fragment.c
1 /* SPDX-License-Identifier: LGPL-2.1-or-later */
2 /***
3 Copyright © 2012 Holger Hans Peter Freyther
4 ***/
5
6 #include <errno.h>
7 #include <fcntl.h>
8 #include <linux/fs.h>
9 #include <linux/oom.h>
10 #if HAVE_SECCOMP
11 #include <seccomp.h>
12 #endif
13 #include <sched.h>
14 #include <sys/resource.h>
15
16 #include "sd-messages.h"
17
18 #include "af-list.h"
19 #include "all-units.h"
20 #include "alloc-util.h"
21 #include "bpf-firewall.h"
22 #include "bpf-program.h"
23 #include "bus-error.h"
24 #include "bus-internal.h"
25 #include "bus-util.h"
26 #include "cap-list.h"
27 #include "capability-util.h"
28 #include "cgroup-setup.h"
29 #include "conf-parser.h"
30 #include "core-varlink.h"
31 #include "cpu-set-util.h"
32 #include "creds-util.h"
33 #include "env-util.h"
34 #include "errno-list.h"
35 #include "escape.h"
36 #include "fd-util.h"
37 #include "fileio.h"
38 #include "fs-util.h"
39 #include "hexdecoct.h"
40 #include "io-util.h"
41 #include "ioprio.h"
42 #include "ip-protocol-list.h"
43 #include "journal-file.h"
44 #include "limits-util.h"
45 #include "load-fragment.h"
46 #include "log.h"
47 #include "mountpoint-util.h"
48 #include "nulstr-util.h"
49 #include "parse-util.h"
50 #include "path-util.h"
51 #include "percent-util.h"
52 #include "process-util.h"
53 #if HAVE_SECCOMP
54 #include "seccomp-util.h"
55 #endif
56 #include "securebits-util.h"
57 #include "signal-util.h"
58 #include "socket-bind.h"
59 #include "socket-netlink.h"
60 #include "specifier.h"
61 #include "stat-util.h"
62 #include "string-util.h"
63 #include "strv.h"
64 #include "syslog-util.h"
65 #include "time-util.h"
66 #include "unit-name.h"
67 #include "unit-printf.h"
68 #include "user-util.h"
69 #include "utf8.h"
70 #include "web-util.h"
71
72 static int parse_socket_protocol(const char *s) {
73 int r;
74
75 r = parse_ip_protocol(s);
76 if (r < 0)
77 return r;
78 if (!IN_SET(r, IPPROTO_UDPLITE, IPPROTO_SCTP))
79 return -EPROTONOSUPPORT;
80
81 return r;
82 }
83
84 int parse_crash_chvt(const char *value, int *data) {
85 int b;
86
87 if (safe_atoi(value, data) >= 0)
88 return 0;
89
90 b = parse_boolean(value);
91 if (b < 0)
92 return b;
93
94 if (b > 0)
95 *data = 0; /* switch to where kmsg goes */
96 else
97 *data = -1; /* turn off switching */
98
99 return 0;
100 }
101
102 int parse_confirm_spawn(const char *value, char **console) {
103 char *s;
104 int r;
105
106 r = value ? parse_boolean(value) : 1;
107 if (r == 0) {
108 *console = NULL;
109 return 0;
110 } else if (r > 0) /* on with default tty */
111 s = strdup("/dev/console");
112 else if (is_path(value)) /* on with fully qualified path */
113 s = strdup(value);
114 else /* on with only a tty file name, not a fully qualified path */
115 s = path_join("/dev/", value);
116 if (!s)
117 return -ENOMEM;
118
119 *console = s;
120 return 0;
121 }
122
123 DEFINE_CONFIG_PARSE(config_parse_socket_protocol, parse_socket_protocol, "Failed to parse socket protocol");
124 DEFINE_CONFIG_PARSE(config_parse_exec_secure_bits, secure_bits_from_string, "Failed to parse secure bits");
125 DEFINE_CONFIG_PARSE_ENUM(config_parse_collect_mode, collect_mode, CollectMode, "Failed to parse garbage collection mode");
126 DEFINE_CONFIG_PARSE_ENUM(config_parse_device_policy, cgroup_device_policy, CGroupDevicePolicy, "Failed to parse device policy");
127 DEFINE_CONFIG_PARSE_ENUM(config_parse_exec_keyring_mode, exec_keyring_mode, ExecKeyringMode, "Failed to parse keyring mode");
128 DEFINE_CONFIG_PARSE_ENUM(config_parse_protect_proc, protect_proc, ProtectProc, "Failed to parse /proc/ protection mode");
129 DEFINE_CONFIG_PARSE_ENUM(config_parse_proc_subset, proc_subset, ProcSubset, "Failed to parse /proc/ subset mode");
130 DEFINE_CONFIG_PARSE_ENUM(config_parse_exec_utmp_mode, exec_utmp_mode, ExecUtmpMode, "Failed to parse utmp mode");
131 DEFINE_CONFIG_PARSE_ENUM(config_parse_job_mode, job_mode, JobMode, "Failed to parse job mode");
132 DEFINE_CONFIG_PARSE_ENUM(config_parse_notify_access, notify_access, NotifyAccess, "Failed to parse notify access specifier");
133 DEFINE_CONFIG_PARSE_ENUM(config_parse_protect_home, protect_home, ProtectHome, "Failed to parse protect home value");
134 DEFINE_CONFIG_PARSE_ENUM(config_parse_protect_system, protect_system, ProtectSystem, "Failed to parse protect system value");
135 DEFINE_CONFIG_PARSE_ENUM(config_parse_runtime_preserve_mode, exec_preserve_mode, ExecPreserveMode, "Failed to parse runtime directory preserve mode");
136 DEFINE_CONFIG_PARSE_ENUM(config_parse_service_type, service_type, ServiceType, "Failed to parse service type");
137 DEFINE_CONFIG_PARSE_ENUM(config_parse_service_exit_type, service_exit_type, ServiceExitType, "Failed to parse service exit type");
138 DEFINE_CONFIG_PARSE_ENUM(config_parse_service_restart, service_restart, ServiceRestart, "Failed to parse service restart specifier");
139 DEFINE_CONFIG_PARSE_ENUM(config_parse_service_timeout_failure_mode, service_timeout_failure_mode, ServiceTimeoutFailureMode, "Failed to parse timeout failure mode");
140 DEFINE_CONFIG_PARSE_ENUM(config_parse_socket_bind, socket_address_bind_ipv6_only_or_bool, SocketAddressBindIPv6Only, "Failed to parse bind IPv6 only value");
141 DEFINE_CONFIG_PARSE_ENUM(config_parse_oom_policy, oom_policy, OOMPolicy, "Failed to parse OOM policy");
142 DEFINE_CONFIG_PARSE_ENUM(config_parse_managed_oom_preference, managed_oom_preference, ManagedOOMPreference, "Failed to parse ManagedOOMPreference=");
143 DEFINE_CONFIG_PARSE_ENUM_WITH_DEFAULT(config_parse_ip_tos, ip_tos, int, -1, "Failed to parse IP TOS value");
144 DEFINE_CONFIG_PARSE_PTR(config_parse_blockio_weight, cg_blkio_weight_parse, uint64_t, "Invalid block IO weight");
145 DEFINE_CONFIG_PARSE_PTR(config_parse_cg_weight, cg_weight_parse, uint64_t, "Invalid weight");
146 DEFINE_CONFIG_PARSE_PTR(config_parse_cpu_shares, cg_cpu_shares_parse, uint64_t, "Invalid CPU shares");
147 DEFINE_CONFIG_PARSE_PTR(config_parse_exec_mount_flags, mount_propagation_flags_from_string, unsigned long, "Failed to parse mount flag");
148 DEFINE_CONFIG_PARSE_ENUM_WITH_DEFAULT(config_parse_numa_policy, mpol, int, -1, "Invalid NUMA policy type");
149 DEFINE_CONFIG_PARSE_ENUM(config_parse_status_unit_format, status_unit_format, StatusUnitFormat, "Failed to parse status unit format");
150 DEFINE_CONFIG_PARSE_ENUM_FULL(config_parse_socket_timestamping, socket_timestamping_from_string_harder, SocketTimestamping, "Failed to parse timestamping precision");
151
152 int config_parse_unit_deps(
153 const char *unit,
154 const char *filename,
155 unsigned line,
156 const char *section,
157 unsigned section_line,
158 const char *lvalue,
159 int ltype,
160 const char *rvalue,
161 void *data,
162 void *userdata) {
163
164 UnitDependency d = ltype;
165 Unit *u = userdata;
166
167 assert(filename);
168 assert(lvalue);
169 assert(rvalue);
170
171 for (const char *p = rvalue;;) {
172 _cleanup_free_ char *word = NULL, *k = NULL;
173 int r;
174
175 r = extract_first_word(&p, &word, NULL, EXTRACT_RETAIN_ESCAPE);
176 if (r == 0)
177 return 0;
178 if (r == -ENOMEM)
179 return log_oom();
180 if (r < 0) {
181 log_syntax(unit, LOG_WARNING, filename, line, r, "Invalid syntax, ignoring: %s", rvalue);
182 return 0;
183 }
184
185 r = unit_name_printf(u, word, &k);
186 if (r < 0) {
187 log_syntax(unit, LOG_WARNING, filename, line, r, "Failed to resolve unit specifiers in '%s', ignoring: %m", word);
188 continue;
189 }
190
191 r = unit_add_dependency_by_name(u, d, k, true, UNIT_DEPENDENCY_FILE);
192 if (r < 0)
193 log_syntax(unit, LOG_WARNING, filename, line, r, "Failed to add dependency on %s, ignoring: %m", k);
194 }
195 }
196
197 int config_parse_obsolete_unit_deps(
198 const char *unit,
199 const char *filename,
200 unsigned line,
201 const char *section,
202 unsigned section_line,
203 const char *lvalue,
204 int ltype,
205 const char *rvalue,
206 void *data,
207 void *userdata) {
208
209 log_syntax(unit, LOG_WARNING, filename, line, 0,
210 "Unit dependency type %s= is obsolete, replacing by %s=, please update your unit file", lvalue, unit_dependency_to_string(ltype));
211
212 return config_parse_unit_deps(unit, filename, line, section, section_line, lvalue, ltype, rvalue, data, userdata);
213 }
214
215 int config_parse_unit_string_printf(
216 const char *unit,
217 const char *filename,
218 unsigned line,
219 const char *section,
220 unsigned section_line,
221 const char *lvalue,
222 int ltype,
223 const char *rvalue,
224 void *data,
225 void *userdata) {
226
227 _cleanup_free_ char *k = NULL;
228 const Unit *u = userdata;
229 int r;
230
231 assert(filename);
232 assert(lvalue);
233 assert(rvalue);
234 assert(u);
235
236 r = unit_full_printf(u, rvalue, &k);
237 if (r < 0) {
238 log_syntax(unit, LOG_WARNING, filename, line, r, "Failed to resolve unit specifiers in '%s', ignoring: %m", rvalue);
239 return 0;
240 }
241
242 return config_parse_string(unit, filename, line, section, section_line, lvalue, ltype, k, data, userdata);
243 }
244
245 int config_parse_unit_strv_printf(
246 const char *unit,
247 const char *filename,
248 unsigned line,
249 const char *section,
250 unsigned section_line,
251 const char *lvalue,
252 int ltype,
253 const char *rvalue,
254 void *data,
255 void *userdata) {
256
257 const Unit *u = userdata;
258 _cleanup_free_ char *k = NULL;
259 int r;
260
261 assert(filename);
262 assert(lvalue);
263 assert(rvalue);
264 assert(u);
265
266 r = unit_full_printf(u, rvalue, &k);
267 if (r < 0) {
268 log_syntax(unit, LOG_WARNING, filename, line, r, "Failed to resolve unit specifiers in '%s', ignoring: %m", rvalue);
269 return 0;
270 }
271
272 return config_parse_strv(unit, filename, line, section, section_line, lvalue, ltype, k, data, userdata);
273 }
274
275 int config_parse_unit_path_printf(
276 const char *unit,
277 const char *filename,
278 unsigned line,
279 const char *section,
280 unsigned section_line,
281 const char *lvalue,
282 int ltype,
283 const char *rvalue,
284 void *data,
285 void *userdata) {
286
287 _cleanup_free_ char *k = NULL;
288 const Unit *u = userdata;
289 int r;
290 bool fatal = ltype;
291
292 assert(filename);
293 assert(lvalue);
294 assert(rvalue);
295 assert(u);
296
297 r = unit_path_printf(u, rvalue, &k);
298 if (r < 0) {
299 log_syntax(unit, fatal ? LOG_ERR : LOG_WARNING, filename, line, r,
300 "Failed to resolve unit specifiers in '%s'%s: %m",
301 rvalue, fatal ? "" : ", ignoring");
302 return fatal ? -ENOEXEC : 0;
303 }
304
305 return config_parse_path(unit, filename, line, section, section_line, lvalue, ltype, k, data, userdata);
306 }
307
308 int config_parse_unit_path_strv_printf(
309 const char *unit,
310 const char *filename,
311 unsigned line,
312 const char *section,
313 unsigned section_line,
314 const char *lvalue,
315 int ltype,
316 const char *rvalue,
317 void *data,
318 void *userdata) {
319
320 char ***x = data;
321 const Unit *u = userdata;
322 int r;
323
324 assert(filename);
325 assert(lvalue);
326 assert(rvalue);
327 assert(u);
328
329 if (isempty(rvalue)) {
330 *x = strv_free(*x);
331 return 0;
332 }
333
334 for (const char *p = rvalue;;) {
335 _cleanup_free_ char *word = NULL, *k = NULL;
336
337 r = extract_first_word(&p, &word, NULL, EXTRACT_UNQUOTE);
338 if (r == 0)
339 return 0;
340 if (r == -ENOMEM)
341 return log_oom();
342 if (r < 0) {
343 log_syntax(unit, LOG_WARNING, filename, line, r,
344 "Invalid syntax, ignoring: %s", rvalue);
345 return 0;
346 }
347
348 r = unit_path_printf(u, word, &k);
349 if (r < 0) {
350 log_syntax(unit, LOG_WARNING, filename, line, r,
351 "Failed to resolve unit specifiers in '%s', ignoring: %m", word);
352 return 0;
353 }
354
355 r = path_simplify_and_warn(k, PATH_CHECK_ABSOLUTE, unit, filename, line, lvalue);
356 if (r < 0)
357 return 0;
358
359 r = strv_consume(x, TAKE_PTR(k));
360 if (r < 0)
361 return log_oom();
362 }
363 }
364
365 static int patch_var_run(
366 const char *unit,
367 const char *filename,
368 unsigned line,
369 const char *lvalue,
370 char **path) {
371
372 const char *e;
373 char *z;
374
375 e = path_startswith(*path, "/var/run/");
376 if (!e)
377 return 0;
378
379 z = path_join("/run/", e);
380 if (!z)
381 return log_oom();
382
383 log_syntax(unit, LOG_NOTICE, filename, line, 0,
384 "%s= references a path below legacy directory /var/run/, updating %s → %s; "
385 "please update the unit file accordingly.", lvalue, *path, z);
386
387 free_and_replace(*path, z);
388
389 return 1;
390 }
391
392 int config_parse_socket_listen(
393 const char *unit,
394 const char *filename,
395 unsigned line,
396 const char *section,
397 unsigned section_line,
398 const char *lvalue,
399 int ltype,
400 const char *rvalue,
401 void *data,
402 void *userdata) {
403
404 _cleanup_free_ SocketPort *p = NULL;
405 SocketPort *tail;
406 Socket *s;
407 int r;
408
409 assert(filename);
410 assert(lvalue);
411 assert(rvalue);
412 assert(data);
413
414 s = SOCKET(data);
415
416 if (isempty(rvalue)) {
417 /* An empty assignment removes all ports */
418 socket_free_ports(s);
419 return 0;
420 }
421
422 p = new0(SocketPort, 1);
423 if (!p)
424 return log_oom();
425
426 if (ltype != SOCKET_SOCKET) {
427 _cleanup_free_ char *k = NULL;
428
429 r = unit_path_printf(UNIT(s), rvalue, &k);
430 if (r < 0) {
431 log_syntax(unit, LOG_WARNING, filename, line, r, "Failed to resolve unit specifiers in '%s', ignoring: %m", rvalue);
432 return 0;
433 }
434
435 r = path_simplify_and_warn(k, PATH_CHECK_ABSOLUTE, unit, filename, line, lvalue);
436 if (r < 0)
437 return 0;
438
439 if (ltype == SOCKET_FIFO) {
440 r = patch_var_run(unit, filename, line, lvalue, &k);
441 if (r < 0)
442 return r;
443 }
444
445 free_and_replace(p->path, k);
446 p->type = ltype;
447
448 } else if (streq(lvalue, "ListenNetlink")) {
449 _cleanup_free_ char *k = NULL;
450
451 r = unit_path_printf(UNIT(s), rvalue, &k);
452 if (r < 0) {
453 log_syntax(unit, LOG_WARNING, filename, line, r, "Failed to resolve unit specifiers in '%s', ignoring: %m", rvalue);
454 return 0;
455 }
456
457 r = socket_address_parse_netlink(&p->address, k);
458 if (r < 0) {
459 log_syntax(unit, LOG_WARNING, filename, line, r, "Failed to parse address value in '%s', ignoring: %m", k);
460 return 0;
461 }
462
463 p->type = SOCKET_SOCKET;
464
465 } else {
466 _cleanup_free_ char *k = NULL;
467
468 r = unit_path_printf(UNIT(s), rvalue, &k);
469 if (r < 0) {
470 log_syntax(unit, LOG_WARNING, filename, line, r, "Failed to resolve unit specifiers in '%s', ignoring: %m", rvalue);
471 return 0;
472 }
473
474 if (k[0] == '/') { /* Only for AF_UNIX file system sockets… */
475 r = patch_var_run(unit, filename, line, lvalue, &k);
476 if (r < 0)
477 return r;
478 }
479
480 r = socket_address_parse_and_warn(&p->address, k);
481 if (r < 0) {
482 if (r != -EAFNOSUPPORT)
483 log_syntax(unit, LOG_WARNING, filename, line, r, "Failed to parse address value in '%s', ignoring: %m", k);
484 return 0;
485 }
486
487 if (streq(lvalue, "ListenStream"))
488 p->address.type = SOCK_STREAM;
489 else if (streq(lvalue, "ListenDatagram"))
490 p->address.type = SOCK_DGRAM;
491 else {
492 assert(streq(lvalue, "ListenSequentialPacket"));
493 p->address.type = SOCK_SEQPACKET;
494 }
495
496 if (socket_address_family(&p->address) != AF_LOCAL && p->address.type == SOCK_SEQPACKET) {
497 log_syntax(unit, LOG_WARNING, filename, line, 0, "Address family not supported, ignoring: %s", rvalue);
498 return 0;
499 }
500
501 p->type = SOCKET_SOCKET;
502 }
503
504 p->fd = -1;
505 p->auxiliary_fds = NULL;
506 p->n_auxiliary_fds = 0;
507 p->socket = s;
508
509 LIST_FIND_TAIL(port, s->ports, tail);
510 LIST_INSERT_AFTER(port, s->ports, tail, p);
511
512 p = NULL;
513
514 return 0;
515 }
516
517 int config_parse_exec_nice(
518 const char *unit,
519 const char *filename,
520 unsigned line,
521 const char *section,
522 unsigned section_line,
523 const char *lvalue,
524 int ltype,
525 const char *rvalue,
526 void *data,
527 void *userdata) {
528
529 ExecContext *c = data;
530 int priority, r;
531
532 assert(filename);
533 assert(lvalue);
534 assert(rvalue);
535 assert(data);
536
537 if (isempty(rvalue)) {
538 c->nice_set = false;
539 return 0;
540 }
541
542 r = parse_nice(rvalue, &priority);
543 if (r < 0) {
544 if (r == -ERANGE)
545 log_syntax(unit, LOG_WARNING, filename, line, r, "Nice priority out of range, ignoring: %s", rvalue);
546 else
547 log_syntax(unit, LOG_WARNING, filename, line, r, "Failed to parse nice priority '%s', ignoring: %m", rvalue);
548 return 0;
549 }
550
551 c->nice = priority;
552 c->nice_set = true;
553
554 return 0;
555 }
556
557 int config_parse_exec_oom_score_adjust(
558 const char* unit,
559 const char *filename,
560 unsigned line,
561 const char *section,
562 unsigned section_line,
563 const char *lvalue,
564 int ltype,
565 const char *rvalue,
566 void *data,
567 void *userdata) {
568
569 ExecContext *c = data;
570 int oa, r;
571
572 assert(filename);
573 assert(lvalue);
574 assert(rvalue);
575 assert(data);
576
577 if (isempty(rvalue)) {
578 c->oom_score_adjust_set = false;
579 return 0;
580 }
581
582 r = parse_oom_score_adjust(rvalue, &oa);
583 if (r < 0) {
584 if (r == -ERANGE)
585 log_syntax(unit, LOG_WARNING, filename, line, r, "OOM score adjust value out of range, ignoring: %s", rvalue);
586 else
587 log_syntax(unit, LOG_WARNING, filename, line, r, "Failed to parse the OOM score adjust value '%s', ignoring: %m", rvalue);
588 return 0;
589 }
590
591 c->oom_score_adjust = oa;
592 c->oom_score_adjust_set = true;
593
594 return 0;
595 }
596
597 int config_parse_exec_coredump_filter(
598 const char* unit,
599 const char *filename,
600 unsigned line,
601 const char *section,
602 unsigned section_line,
603 const char *lvalue,
604 int ltype,
605 const char *rvalue,
606 void *data,
607 void *userdata) {
608
609 ExecContext *c = data;
610 int r;
611
612 assert(filename);
613 assert(lvalue);
614 assert(rvalue);
615 assert(data);
616
617 if (isempty(rvalue)) {
618 c->coredump_filter = 0;
619 c->coredump_filter_set = false;
620 return 0;
621 }
622
623 uint64_t f;
624 r = coredump_filter_mask_from_string(rvalue, &f);
625 if (r < 0) {
626 log_syntax(unit, LOG_WARNING, filename, line, r,
627 "Failed to parse the CoredumpFilter=%s, ignoring: %m", rvalue);
628 return 0;
629 }
630
631 c->coredump_filter |= f;
632 c->oom_score_adjust_set = true;
633 return 0;
634 }
635
636 int config_parse_kill_mode(
637 const char* unit,
638 const char *filename,
639 unsigned line,
640 const char *section,
641 unsigned section_line,
642 const char *lvalue,
643 int ltype,
644 const char *rvalue,
645 void *data,
646 void *userdata) {
647
648 KillMode *k = data, m;
649
650 assert(filename);
651 assert(lvalue);
652 assert(rvalue);
653 assert(data);
654
655 if (isempty(rvalue)) {
656 *k = KILL_CONTROL_GROUP;
657 return 0;
658 }
659
660 m = kill_mode_from_string(rvalue);
661 if (m < 0) {
662 log_syntax(unit, LOG_WARNING, filename, line, m,
663 "Failed to parse kill mode specification, ignoring: %s", rvalue);
664 return 0;
665 }
666
667 if (m == KILL_NONE)
668 log_syntax(unit, LOG_WARNING, filename, line, 0,
669 "Unit configured to use KillMode=none. "
670 "This is unsafe, as it disables systemd's process lifecycle management for the service. "
671 "Please update your service to use a safer KillMode=, such as 'mixed' or 'control-group'. "
672 "Support for KillMode=none is deprecated and will eventually be removed.");
673
674 *k = m;
675 return 0;
676 }
677
678 int config_parse_exec(
679 const char *unit,
680 const char *filename,
681 unsigned line,
682 const char *section,
683 unsigned section_line,
684 const char *lvalue,
685 int ltype,
686 const char *rvalue,
687 void *data,
688 void *userdata) {
689
690 ExecCommand **e = data;
691 const Unit *u = userdata;
692 const char *p;
693 bool semicolon;
694 int r;
695
696 assert(filename);
697 assert(lvalue);
698 assert(rvalue);
699 assert(e);
700
701 e += ltype;
702
703 if (isempty(rvalue)) {
704 /* An empty assignment resets the list */
705 *e = exec_command_free_list(*e);
706 return 0;
707 }
708
709 p = rvalue;
710 do {
711 _cleanup_free_ char *path = NULL, *firstword = NULL;
712 ExecCommandFlags flags = 0;
713 bool ignore = false, separate_argv0 = false;
714 _cleanup_free_ ExecCommand *nce = NULL;
715 _cleanup_strv_free_ char **n = NULL;
716 size_t nlen = 0;
717 const char *f;
718
719 semicolon = false;
720
721 r = extract_first_word_and_warn(&p, &firstword, NULL, EXTRACT_UNQUOTE|EXTRACT_CUNESCAPE, unit, filename, line, rvalue);
722 if (r <= 0)
723 return 0;
724
725 /* A lone ";" is a separator. Let's make sure we don't treat it as an executable name. */
726 if (streq(firstword, ";")) {
727 semicolon = true;
728 continue;
729 }
730
731 f = firstword;
732 for (;;) {
733 /* We accept an absolute path as first argument. If it's prefixed with - and the path doesn't
734 * exist, we ignore it instead of erroring out; if it's prefixed with @, we allow overriding of
735 * argv[0]; if it's prefixed with :, we will not do environment variable substitution;
736 * if it's prefixed with +, it will be run with full privileges and no sandboxing; if
737 * it's prefixed with '!' we apply sandboxing, but do not change user/group credentials; if
738 * it's prefixed with '!!', then we apply user/group credentials if the kernel supports ambient
739 * capabilities -- if it doesn't we don't apply the credentials themselves, but do apply most
740 * other sandboxing, with some special exceptions for changing UID.
741 *
742 * The idea is that '!!' may be used to write services that can take benefit of systemd's
743 * UID/GID dropping if the kernel supports ambient creds, but provide an automatic fallback to
744 * privilege dropping within the daemon if the kernel does not offer that. */
745
746 if (*f == '-' && !(flags & EXEC_COMMAND_IGNORE_FAILURE)) {
747 flags |= EXEC_COMMAND_IGNORE_FAILURE;
748 ignore = true;
749 } else if (*f == '@' && !separate_argv0)
750 separate_argv0 = true;
751 else if (*f == ':' && !(flags & EXEC_COMMAND_NO_ENV_EXPAND))
752 flags |= EXEC_COMMAND_NO_ENV_EXPAND;
753 else if (*f == '+' && !(flags & (EXEC_COMMAND_FULLY_PRIVILEGED|EXEC_COMMAND_NO_SETUID|EXEC_COMMAND_AMBIENT_MAGIC)))
754 flags |= EXEC_COMMAND_FULLY_PRIVILEGED;
755 else if (*f == '!' && !(flags & (EXEC_COMMAND_FULLY_PRIVILEGED|EXEC_COMMAND_NO_SETUID|EXEC_COMMAND_AMBIENT_MAGIC)))
756 flags |= EXEC_COMMAND_NO_SETUID;
757 else if (*f == '!' && !(flags & (EXEC_COMMAND_FULLY_PRIVILEGED|EXEC_COMMAND_AMBIENT_MAGIC))) {
758 flags &= ~EXEC_COMMAND_NO_SETUID;
759 flags |= EXEC_COMMAND_AMBIENT_MAGIC;
760 } else
761 break;
762 f++;
763 }
764
765 r = unit_path_printf(u, f, &path);
766 if (r < 0) {
767 log_syntax(unit, ignore ? LOG_WARNING : LOG_ERR, filename, line, r,
768 "Failed to resolve unit specifiers in '%s'%s: %m",
769 f, ignore ? ", ignoring" : "");
770 return ignore ? 0 : -ENOEXEC;
771 }
772
773 if (isempty(path)) {
774 /* First word is either "-" or "@" with no command. */
775 log_syntax(unit, ignore ? LOG_WARNING : LOG_ERR, filename, line, 0,
776 "Empty path in command line%s: '%s'",
777 ignore ? ", ignoring" : "", rvalue);
778 return ignore ? 0 : -ENOEXEC;
779 }
780 if (!string_is_safe(path)) {
781 log_syntax(unit, ignore ? LOG_WARNING : LOG_ERR, filename, line, 0,
782 "Executable name contains special characters%s: %s",
783 ignore ? ", ignoring" : "", path);
784 return ignore ? 0 : -ENOEXEC;
785 }
786 if (endswith(path, "/")) {
787 log_syntax(unit, ignore ? LOG_WARNING : LOG_ERR, filename, line, 0,
788 "Executable path specifies a directory%s: %s",
789 ignore ? ", ignoring" : "", path);
790 return ignore ? 0 : -ENOEXEC;
791 }
792
793 if (!(path_is_absolute(path) ? path_is_valid(path) : filename_is_valid(path))) {
794 log_syntax(unit, ignore ? LOG_WARNING : LOG_ERR, filename, line, 0,
795 "Neither a valid executable name nor an absolute path%s: %s",
796 ignore ? ", ignoring" : "", path);
797 return ignore ? 0 : -ENOEXEC;
798 }
799
800 if (!separate_argv0) {
801 char *w = NULL;
802
803 if (!GREEDY_REALLOC(n, nlen + 2))
804 return log_oom();
805
806 w = strdup(path);
807 if (!w)
808 return log_oom();
809 n[nlen++] = w;
810 n[nlen] = NULL;
811 }
812
813 path_simplify(path);
814
815 while (!isempty(p)) {
816 _cleanup_free_ char *word = NULL, *resolved = NULL;
817
818 /* Check explicitly for an unquoted semicolon as
819 * command separator token. */
820 if (p[0] == ';' && (!p[1] || strchr(WHITESPACE, p[1]))) {
821 p++;
822 p += strspn(p, WHITESPACE);
823 semicolon = true;
824 break;
825 }
826
827 /* Check for \; explicitly, to not confuse it with \\; or "\;" or "\\;" etc.
828 * extract_first_word() would return the same for all of those. */
829 if (p[0] == '\\' && p[1] == ';' && (!p[2] || strchr(WHITESPACE, p[2]))) {
830 char *w;
831
832 p += 2;
833 p += strspn(p, WHITESPACE);
834
835 if (!GREEDY_REALLOC(n, nlen + 2))
836 return log_oom();
837
838 w = strdup(";");
839 if (!w)
840 return log_oom();
841 n[nlen++] = w;
842 n[nlen] = NULL;
843 continue;
844 }
845
846 r = extract_first_word_and_warn(&p, &word, NULL, EXTRACT_UNQUOTE|EXTRACT_CUNESCAPE, unit, filename, line, rvalue);
847 if (r == 0)
848 break;
849 if (r < 0)
850 return ignore ? 0 : -ENOEXEC;
851
852 r = unit_path_printf(u, word, &resolved);
853 if (r < 0) {
854 log_syntax(unit, ignore ? LOG_WARNING : LOG_ERR, filename, line, r,
855 "Failed to resolve unit specifiers in %s%s: %m",
856 word, ignore ? ", ignoring" : "");
857 return ignore ? 0 : -ENOEXEC;
858 }
859
860 if (!GREEDY_REALLOC(n, nlen + 2))
861 return log_oom();
862
863 n[nlen++] = TAKE_PTR(resolved);
864 n[nlen] = NULL;
865 }
866
867 if (!n || !n[0]) {
868 log_syntax(unit, ignore ? LOG_WARNING : LOG_ERR, filename, line, 0,
869 "Empty executable name or zeroeth argument%s: %s",
870 ignore ? ", ignoring" : "", rvalue);
871 return ignore ? 0 : -ENOEXEC;
872 }
873
874 nce = new0(ExecCommand, 1);
875 if (!nce)
876 return log_oom();
877
878 nce->argv = TAKE_PTR(n);
879 nce->path = TAKE_PTR(path);
880 nce->flags = flags;
881
882 exec_command_append_list(e, nce);
883
884 /* Do not _cleanup_free_ these. */
885 nce = NULL;
886
887 rvalue = p;
888 } while (semicolon);
889
890 return 0;
891 }
892
893 int config_parse_socket_bindtodevice(
894 const char* unit,
895 const char *filename,
896 unsigned line,
897 const char *section,
898 unsigned section_line,
899 const char *lvalue,
900 int ltype,
901 const char *rvalue,
902 void *data,
903 void *userdata) {
904
905 Socket *s = data;
906
907 assert(filename);
908 assert(lvalue);
909 assert(rvalue);
910 assert(data);
911
912 if (isempty(rvalue) || streq(rvalue, "*")) {
913 s->bind_to_device = mfree(s->bind_to_device);
914 return 0;
915 }
916
917 if (!ifname_valid(rvalue)) {
918 log_syntax(unit, LOG_WARNING, filename, line, 0, "Invalid interface name, ignoring: %s", rvalue);
919 return 0;
920 }
921
922 return free_and_strdup_warn(&s->bind_to_device, rvalue);
923 }
924
925 int config_parse_exec_input(
926 const char *unit,
927 const char *filename,
928 unsigned line,
929 const char *section,
930 unsigned section_line,
931 const char *lvalue,
932 int ltype,
933 const char *rvalue,
934 void *data,
935 void *userdata) {
936
937 ExecContext *c = data;
938 const Unit *u = userdata;
939 const char *n;
940 ExecInput ei;
941 int r;
942
943 assert(data);
944 assert(filename);
945 assert(line);
946 assert(rvalue);
947
948 n = startswith(rvalue, "fd:");
949 if (n) {
950 _cleanup_free_ char *resolved = NULL;
951
952 r = unit_fd_printf(u, n, &resolved);
953 if (r < 0) {
954 log_syntax(unit, LOG_WARNING, filename, line, r, "Failed to resolve unit specifiers in '%s', ignoring: %m", n);
955 return 0;
956 }
957
958 if (isempty(resolved))
959 resolved = mfree(resolved);
960 else if (!fdname_is_valid(resolved)) {
961 log_syntax(unit, LOG_WARNING, filename, line, 0, "Invalid file descriptor name, ignoring: %s", resolved);
962 return 0;
963 }
964
965 free_and_replace(c->stdio_fdname[STDIN_FILENO], resolved);
966
967 ei = EXEC_INPUT_NAMED_FD;
968
969 } else if ((n = startswith(rvalue, "file:"))) {
970 _cleanup_free_ char *resolved = NULL;
971
972 r = unit_path_printf(u, n, &resolved);
973 if (r < 0) {
974 log_syntax(unit, LOG_WARNING, filename, line, r, "Failed to resolve unit specifiers in '%s', ignoring: %m", n);
975 return 0;
976 }
977
978 r = path_simplify_and_warn(resolved, PATH_CHECK_ABSOLUTE | PATH_CHECK_FATAL, unit, filename, line, lvalue);
979 if (r < 0)
980 return 0;
981
982 free_and_replace(c->stdio_file[STDIN_FILENO], resolved);
983
984 ei = EXEC_INPUT_FILE;
985
986 } else {
987 ei = exec_input_from_string(rvalue);
988 if (ei < 0) {
989 log_syntax(unit, LOG_WARNING, filename, line, ei, "Failed to parse input specifier, ignoring: %s", rvalue);
990 return 0;
991 }
992 }
993
994 c->std_input = ei;
995 return 0;
996 }
997
998 int config_parse_exec_input_text(
999 const char *unit,
1000 const char *filename,
1001 unsigned line,
1002 const char *section,
1003 unsigned section_line,
1004 const char *lvalue,
1005 int ltype,
1006 const char *rvalue,
1007 void *data,
1008 void *userdata) {
1009
1010 _cleanup_free_ char *unescaped = NULL, *resolved = NULL;
1011 ExecContext *c = data;
1012 const Unit *u = userdata;
1013 size_t sz;
1014 void *p;
1015 int r;
1016
1017 assert(data);
1018 assert(filename);
1019 assert(line);
1020 assert(rvalue);
1021
1022 if (isempty(rvalue)) {
1023 /* Reset if the empty string is assigned */
1024 c->stdin_data = mfree(c->stdin_data);
1025 c->stdin_data_size = 0;
1026 return 0;
1027 }
1028
1029 r = cunescape(rvalue, 0, &unescaped);
1030 if (r < 0) {
1031 log_syntax(unit, LOG_WARNING, filename, line, r,
1032 "Failed to decode C escaped text '%s', ignoring: %m", rvalue);
1033 return 0;
1034 }
1035
1036 r = unit_full_printf_full(u, unescaped, EXEC_STDIN_DATA_MAX, &resolved);
1037 if (r < 0) {
1038 log_syntax(unit, LOG_WARNING, filename, line, r,
1039 "Failed to resolve unit specifiers in '%s', ignoring: %m", unescaped);
1040 return 0;
1041 }
1042
1043 sz = strlen(resolved);
1044 if (c->stdin_data_size + sz + 1 < c->stdin_data_size || /* check for overflow */
1045 c->stdin_data_size + sz + 1 > EXEC_STDIN_DATA_MAX) {
1046 log_syntax(unit, LOG_WARNING, filename, line, 0,
1047 "Standard input data too large (%zu), maximum of %zu permitted, ignoring.",
1048 c->stdin_data_size + sz, (size_t) EXEC_STDIN_DATA_MAX);
1049 return 0;
1050 }
1051
1052 p = realloc(c->stdin_data, c->stdin_data_size + sz + 1);
1053 if (!p)
1054 return log_oom();
1055
1056 *((char*) mempcpy((char*) p + c->stdin_data_size, resolved, sz)) = '\n';
1057
1058 c->stdin_data = p;
1059 c->stdin_data_size += sz + 1;
1060
1061 return 0;
1062 }
1063
1064 int config_parse_exec_input_data(
1065 const char *unit,
1066 const char *filename,
1067 unsigned line,
1068 const char *section,
1069 unsigned section_line,
1070 const char *lvalue,
1071 int ltype,
1072 const char *rvalue,
1073 void *data,
1074 void *userdata) {
1075
1076 _cleanup_free_ void *p = NULL;
1077 ExecContext *c = data;
1078 size_t sz;
1079 void *q;
1080 int r;
1081
1082 assert(data);
1083 assert(filename);
1084 assert(line);
1085 assert(rvalue);
1086
1087 if (isempty(rvalue)) {
1088 /* Reset if the empty string is assigned */
1089 c->stdin_data = mfree(c->stdin_data);
1090 c->stdin_data_size = 0;
1091 return 0;
1092 }
1093
1094 r = unbase64mem(rvalue, SIZE_MAX, &p, &sz);
1095 if (r < 0) {
1096 log_syntax(unit, LOG_WARNING, filename, line, r,
1097 "Failed to decode base64 data, ignoring: %s", rvalue);
1098 return 0;
1099 }
1100
1101 assert(sz > 0);
1102
1103 if (c->stdin_data_size + sz < c->stdin_data_size || /* check for overflow */
1104 c->stdin_data_size + sz > EXEC_STDIN_DATA_MAX) {
1105 log_syntax(unit, LOG_WARNING, filename, line, 0,
1106 "Standard input data too large (%zu), maximum of %zu permitted, ignoring.",
1107 c->stdin_data_size + sz, (size_t) EXEC_STDIN_DATA_MAX);
1108 return 0;
1109 }
1110
1111 q = realloc(c->stdin_data, c->stdin_data_size + sz);
1112 if (!q)
1113 return log_oom();
1114
1115 memcpy((uint8_t*) q + c->stdin_data_size, p, sz);
1116
1117 c->stdin_data = q;
1118 c->stdin_data_size += sz;
1119
1120 return 0;
1121 }
1122
1123 int config_parse_exec_output(
1124 const char *unit,
1125 const char *filename,
1126 unsigned line,
1127 const char *section,
1128 unsigned section_line,
1129 const char *lvalue,
1130 int ltype,
1131 const char *rvalue,
1132 void *data,
1133 void *userdata) {
1134
1135 _cleanup_free_ char *resolved = NULL;
1136 const char *n;
1137 ExecContext *c = data;
1138 const Unit *u = userdata;
1139 bool obsolete = false;
1140 ExecOutput eo;
1141 int r;
1142
1143 assert(data);
1144 assert(filename);
1145 assert(line);
1146 assert(lvalue);
1147 assert(rvalue);
1148
1149 n = startswith(rvalue, "fd:");
1150 if (n) {
1151 r = unit_fd_printf(u, n, &resolved);
1152 if (r < 0) {
1153 log_syntax(unit, LOG_WARNING, filename, line, r, "Failed to resolve unit specifiers in %s: %m", n);
1154 return 0;
1155 }
1156
1157 if (isempty(resolved))
1158 resolved = mfree(resolved);
1159 else if (!fdname_is_valid(resolved)) {
1160 log_syntax(unit, LOG_WARNING, filename, line, 0, "Invalid file descriptor name, ignoring: %s", resolved);
1161 return 0;
1162 }
1163
1164 eo = EXEC_OUTPUT_NAMED_FD;
1165
1166 } else if (streq(rvalue, "syslog")) {
1167 eo = EXEC_OUTPUT_JOURNAL;
1168 obsolete = true;
1169
1170 } else if (streq(rvalue, "syslog+console")) {
1171 eo = EXEC_OUTPUT_JOURNAL_AND_CONSOLE;
1172 obsolete = true;
1173
1174 } else if ((n = startswith(rvalue, "file:"))) {
1175
1176 r = unit_path_printf(u, n, &resolved);
1177 if (r < 0) {
1178 log_syntax(unit, LOG_WARNING, filename, line, r, "Failed to resolve unit specifiers in %s, ignoring: %m", n);
1179 return 0;
1180 }
1181
1182 r = path_simplify_and_warn(resolved, PATH_CHECK_ABSOLUTE | PATH_CHECK_FATAL, unit, filename, line, lvalue);
1183 if (r < 0)
1184 return 0;
1185
1186 eo = EXEC_OUTPUT_FILE;
1187
1188 } else if ((n = startswith(rvalue, "append:"))) {
1189
1190 r = unit_path_printf(u, n, &resolved);
1191 if (r < 0) {
1192 log_syntax(unit, LOG_WARNING, filename, line, r, "Failed to resolve unit specifiers in %s, ignoring: %m", n);
1193 return 0;
1194 }
1195
1196 r = path_simplify_and_warn(resolved, PATH_CHECK_ABSOLUTE | PATH_CHECK_FATAL, unit, filename, line, lvalue);
1197 if (r < 0)
1198 return 0;
1199
1200 eo = EXEC_OUTPUT_FILE_APPEND;
1201
1202 } else if ((n = startswith(rvalue, "truncate:"))) {
1203
1204 r = unit_path_printf(u, n, &resolved);
1205 if (r < 0) {
1206 log_syntax(unit, LOG_WARNING, filename, line, r, "Failed to resolve unit specifiers in %s, ignoring: %m", n);
1207 return 0;
1208 }
1209
1210 r = path_simplify_and_warn(resolved, PATH_CHECK_ABSOLUTE | PATH_CHECK_FATAL, unit, filename, line, lvalue);
1211 if (r < 0)
1212 return 0;
1213
1214 eo = EXEC_OUTPUT_FILE_TRUNCATE;
1215 } else {
1216 eo = exec_output_from_string(rvalue);
1217 if (eo < 0) {
1218 log_syntax(unit, LOG_WARNING, filename, line, eo, "Failed to parse output specifier, ignoring: %s", rvalue);
1219 return 0;
1220 }
1221 }
1222
1223 if (obsolete)
1224 log_syntax(unit, LOG_NOTICE, filename, line, 0,
1225 "Standard output type %s is obsolete, automatically updating to %s. Please update your unit file, and consider removing the setting altogether.",
1226 rvalue, exec_output_to_string(eo));
1227
1228 if (streq(lvalue, "StandardOutput")) {
1229 if (eo == EXEC_OUTPUT_NAMED_FD)
1230 free_and_replace(c->stdio_fdname[STDOUT_FILENO], resolved);
1231 else
1232 free_and_replace(c->stdio_file[STDOUT_FILENO], resolved);
1233
1234 c->std_output = eo;
1235
1236 } else {
1237 assert(streq(lvalue, "StandardError"));
1238
1239 if (eo == EXEC_OUTPUT_NAMED_FD)
1240 free_and_replace(c->stdio_fdname[STDERR_FILENO], resolved);
1241 else
1242 free_and_replace(c->stdio_file[STDERR_FILENO], resolved);
1243
1244 c->std_error = eo;
1245 }
1246
1247 return 0;
1248 }
1249
1250 int config_parse_exec_io_class(const char *unit,
1251 const char *filename,
1252 unsigned line,
1253 const char *section,
1254 unsigned section_line,
1255 const char *lvalue,
1256 int ltype,
1257 const char *rvalue,
1258 void *data,
1259 void *userdata) {
1260
1261 ExecContext *c = data;
1262 int x;
1263
1264 assert(filename);
1265 assert(lvalue);
1266 assert(rvalue);
1267 assert(data);
1268
1269 if (isempty(rvalue)) {
1270 c->ioprio_set = false;
1271 c->ioprio = IOPRIO_PRIO_VALUE(IOPRIO_CLASS_BE, 0);
1272 return 0;
1273 }
1274
1275 x = ioprio_class_from_string(rvalue);
1276 if (x < 0) {
1277 log_syntax(unit, LOG_WARNING, filename, line, x, "Failed to parse IO scheduling class, ignoring: %s", rvalue);
1278 return 0;
1279 }
1280
1281 c->ioprio = IOPRIO_PRIO_VALUE(x, IOPRIO_PRIO_DATA(c->ioprio));
1282 c->ioprio_set = true;
1283
1284 return 0;
1285 }
1286
1287 int config_parse_exec_io_priority(const char *unit,
1288 const char *filename,
1289 unsigned line,
1290 const char *section,
1291 unsigned section_line,
1292 const char *lvalue,
1293 int ltype,
1294 const char *rvalue,
1295 void *data,
1296 void *userdata) {
1297
1298 ExecContext *c = data;
1299 int i, r;
1300
1301 assert(filename);
1302 assert(lvalue);
1303 assert(rvalue);
1304 assert(data);
1305
1306 if (isempty(rvalue)) {
1307 c->ioprio_set = false;
1308 c->ioprio = IOPRIO_PRIO_VALUE(IOPRIO_CLASS_BE, 0);
1309 return 0;
1310 }
1311
1312 r = ioprio_parse_priority(rvalue, &i);
1313 if (r < 0) {
1314 log_syntax(unit, LOG_WARNING, filename, line, r, "Failed to parse IO priority, ignoring: %s", rvalue);
1315 return 0;
1316 }
1317
1318 c->ioprio = IOPRIO_PRIO_VALUE(IOPRIO_PRIO_CLASS(c->ioprio), i);
1319 c->ioprio_set = true;
1320
1321 return 0;
1322 }
1323
1324 int config_parse_exec_cpu_sched_policy(const char *unit,
1325 const char *filename,
1326 unsigned line,
1327 const char *section,
1328 unsigned section_line,
1329 const char *lvalue,
1330 int ltype,
1331 const char *rvalue,
1332 void *data,
1333 void *userdata) {
1334
1335 ExecContext *c = data;
1336 int x;
1337
1338 assert(filename);
1339 assert(lvalue);
1340 assert(rvalue);
1341 assert(data);
1342
1343 if (isempty(rvalue)) {
1344 c->cpu_sched_set = false;
1345 c->cpu_sched_policy = SCHED_OTHER;
1346 c->cpu_sched_priority = 0;
1347 return 0;
1348 }
1349
1350 x = sched_policy_from_string(rvalue);
1351 if (x < 0) {
1352 log_syntax(unit, LOG_WARNING, filename, line, x, "Failed to parse CPU scheduling policy, ignoring: %s", rvalue);
1353 return 0;
1354 }
1355
1356 c->cpu_sched_policy = x;
1357 /* Moving to or from real-time policy? We need to adjust the priority */
1358 c->cpu_sched_priority = CLAMP(c->cpu_sched_priority, sched_get_priority_min(x), sched_get_priority_max(x));
1359 c->cpu_sched_set = true;
1360
1361 return 0;
1362 }
1363
1364 int config_parse_exec_mount_apivfs(const char *unit,
1365 const char *filename,
1366 unsigned line,
1367 const char *section,
1368 unsigned section_line,
1369 const char *lvalue,
1370 int ltype,
1371 const char *rvalue,
1372 void *data,
1373 void *userdata) {
1374
1375 ExecContext *c = data;
1376 int k;
1377
1378 assert(filename);
1379 assert(lvalue);
1380 assert(rvalue);
1381 assert(data);
1382
1383 if (isempty(rvalue)) {
1384 c->mount_apivfs_set = false;
1385 c->mount_apivfs = false;
1386 return 0;
1387 }
1388
1389 k = parse_boolean(rvalue);
1390 if (k < 0) {
1391 log_syntax(unit, LOG_WARNING, filename, line, k,
1392 "Failed to parse boolean value, ignoring: %s",
1393 rvalue);
1394 return 0;
1395 }
1396
1397 c->mount_apivfs_set = true;
1398 c->mount_apivfs = k;
1399 return 0;
1400 }
1401
1402 int config_parse_numa_mask(const char *unit,
1403 const char *filename,
1404 unsigned line,
1405 const char *section,
1406 unsigned section_line,
1407 const char *lvalue,
1408 int ltype,
1409 const char *rvalue,
1410 void *data,
1411 void *userdata) {
1412 int r;
1413 NUMAPolicy *p = data;
1414
1415 assert(filename);
1416 assert(lvalue);
1417 assert(rvalue);
1418 assert(data);
1419
1420 if (streq(rvalue, "all")) {
1421 r = numa_mask_add_all(&p->nodes);
1422 if (r < 0)
1423 log_syntax(unit, LOG_WARNING, filename, line, r,
1424 "Failed to create NUMA mask representing \"all\" NUMA nodes, ignoring: %m");
1425 } else {
1426 r = parse_cpu_set_extend(rvalue, &p->nodes, true, unit, filename, line, lvalue);
1427 if (r < 0)
1428 log_syntax(unit, LOG_WARNING, filename, line, r, "Failed to parse NUMA node mask, ignoring: %s", rvalue);
1429 }
1430
1431 return 0;
1432 }
1433
1434 int config_parse_exec_cpu_sched_prio(const char *unit,
1435 const char *filename,
1436 unsigned line,
1437 const char *section,
1438 unsigned section_line,
1439 const char *lvalue,
1440 int ltype,
1441 const char *rvalue,
1442 void *data,
1443 void *userdata) {
1444
1445 ExecContext *c = data;
1446 int i, min, max, r;
1447
1448 assert(filename);
1449 assert(lvalue);
1450 assert(rvalue);
1451 assert(data);
1452
1453 r = safe_atoi(rvalue, &i);
1454 if (r < 0) {
1455 log_syntax(unit, LOG_WARNING, filename, line, r, "Failed to parse CPU scheduling priority, ignoring: %s", rvalue);
1456 return 0;
1457 }
1458
1459 /* On Linux RR/FIFO range from 1 to 99 and OTHER/BATCH may only be 0 */
1460 min = sched_get_priority_min(c->cpu_sched_policy);
1461 max = sched_get_priority_max(c->cpu_sched_policy);
1462
1463 if (i < min || i > max) {
1464 log_syntax(unit, LOG_WARNING, filename, line, 0, "CPU scheduling priority is out of range, ignoring: %s", rvalue);
1465 return 0;
1466 }
1467
1468 c->cpu_sched_priority = i;
1469 c->cpu_sched_set = true;
1470
1471 return 0;
1472 }
1473
1474 int config_parse_root_image_options(
1475 const char *unit,
1476 const char *filename,
1477 unsigned line,
1478 const char *section,
1479 unsigned section_line,
1480 const char *lvalue,
1481 int ltype,
1482 const char *rvalue,
1483 void *data,
1484 void *userdata) {
1485
1486 _cleanup_(mount_options_free_allp) MountOptions *options = NULL;
1487 _cleanup_strv_free_ char **l = NULL;
1488 char **first = NULL, **second = NULL;
1489 ExecContext *c = data;
1490 const Unit *u = userdata;
1491 int r;
1492
1493 assert(filename);
1494 assert(lvalue);
1495 assert(rvalue);
1496 assert(data);
1497
1498 if (isempty(rvalue)) {
1499 c->root_image_options = mount_options_free_all(c->root_image_options);
1500 return 0;
1501 }
1502
1503 r = strv_split_colon_pairs(&l, rvalue);
1504 if (r == -ENOMEM)
1505 return log_oom();
1506 if (r < 0) {
1507 log_syntax(unit, LOG_WARNING, filename, line, r, "Failed to parse %s, ignoring: %s", lvalue, rvalue);
1508 return 0;
1509 }
1510
1511 STRV_FOREACH_PAIR(first, second, l) {
1512 MountOptions *o = NULL;
1513 _cleanup_free_ char *mount_options_resolved = NULL;
1514 const char *mount_options = NULL, *partition = "root";
1515 PartitionDesignator partition_designator;
1516
1517 /* Format is either 'root:foo' or 'foo' (root is implied) */
1518 if (!isempty(*second)) {
1519 partition = *first;
1520 mount_options = *second;
1521 } else
1522 mount_options = *first;
1523
1524 partition_designator = partition_designator_from_string(partition);
1525 if (partition_designator < 0) {
1526 log_syntax(unit, LOG_WARNING, filename, line, partition_designator,
1527 "Invalid partition name %s, ignoring", partition);
1528 continue;
1529 }
1530 r = unit_full_printf(u, mount_options, &mount_options_resolved);
1531 if (r < 0) {
1532 log_syntax(unit, LOG_WARNING, filename, line, r, "Failed to resolve unit specifiers in %s, ignoring: %m", mount_options);
1533 continue;
1534 }
1535
1536 o = new(MountOptions, 1);
1537 if (!o)
1538 return log_oom();
1539 *o = (MountOptions) {
1540 .partition_designator = partition_designator,
1541 .options = TAKE_PTR(mount_options_resolved),
1542 };
1543 LIST_APPEND(mount_options, options, TAKE_PTR(o));
1544 }
1545
1546 /* empty spaces/separators only */
1547 if (LIST_IS_EMPTY(options))
1548 c->root_image_options = mount_options_free_all(c->root_image_options);
1549 else
1550 LIST_JOIN(mount_options, c->root_image_options, options);
1551
1552 return 0;
1553 }
1554
1555 int config_parse_exec_root_hash(
1556 const char *unit,
1557 const char *filename,
1558 unsigned line,
1559 const char *section,
1560 unsigned section_line,
1561 const char *lvalue,
1562 int ltype,
1563 const char *rvalue,
1564 void *data,
1565 void *userdata) {
1566
1567 _cleanup_free_ void *roothash_decoded = NULL;
1568 ExecContext *c = data;
1569 size_t roothash_decoded_size = 0;
1570 int r;
1571
1572 assert(data);
1573 assert(filename);
1574 assert(line);
1575 assert(rvalue);
1576
1577 if (isempty(rvalue)) {
1578 /* Reset if the empty string is assigned */
1579 c->root_hash_path = mfree(c->root_hash_path);
1580 c->root_hash = mfree(c->root_hash);
1581 c->root_hash_size = 0;
1582 return 0;
1583 }
1584
1585 if (path_is_absolute(rvalue)) {
1586 /* We have the path to a roothash to load and decode, eg: RootHash=/foo/bar.roothash */
1587 _cleanup_free_ char *p = NULL;
1588
1589 p = strdup(rvalue);
1590 if (!p)
1591 return -ENOMEM;
1592
1593 free_and_replace(c->root_hash_path, p);
1594 c->root_hash = mfree(c->root_hash);
1595 c->root_hash_size = 0;
1596 return 0;
1597 }
1598
1599 /* We have a roothash to decode, eg: RootHash=012345789abcdef */
1600 r = unhexmem(rvalue, strlen(rvalue), &roothash_decoded, &roothash_decoded_size);
1601 if (r < 0) {
1602 log_syntax(unit, LOG_WARNING, filename, line, r, "Failed to decode RootHash=, ignoring: %s", rvalue);
1603 return 0;
1604 }
1605 if (roothash_decoded_size < sizeof(sd_id128_t)) {
1606 log_syntax(unit, LOG_WARNING, filename, line, 0, "RootHash= is too short, ignoring: %s", rvalue);
1607 return 0;
1608 }
1609
1610 free_and_replace(c->root_hash, roothash_decoded);
1611 c->root_hash_size = roothash_decoded_size;
1612 c->root_hash_path = mfree(c->root_hash_path);
1613
1614 return 0;
1615 }
1616
1617 int config_parse_exec_root_hash_sig(
1618 const char *unit,
1619 const char *filename,
1620 unsigned line,
1621 const char *section,
1622 unsigned section_line,
1623 const char *lvalue,
1624 int ltype,
1625 const char *rvalue,
1626 void *data,
1627 void *userdata) {
1628
1629 _cleanup_free_ void *roothash_sig_decoded = NULL;
1630 char *value;
1631 ExecContext *c = data;
1632 size_t roothash_sig_decoded_size = 0;
1633 int r;
1634
1635 assert(data);
1636 assert(filename);
1637 assert(line);
1638 assert(rvalue);
1639
1640 if (isempty(rvalue)) {
1641 /* Reset if the empty string is assigned */
1642 c->root_hash_sig_path = mfree(c->root_hash_sig_path);
1643 c->root_hash_sig = mfree(c->root_hash_sig);
1644 c->root_hash_sig_size = 0;
1645 return 0;
1646 }
1647
1648 if (path_is_absolute(rvalue)) {
1649 /* We have the path to a roothash signature to load and decode, eg: RootHashSignature=/foo/bar.roothash.p7s */
1650 _cleanup_free_ char *p = NULL;
1651
1652 p = strdup(rvalue);
1653 if (!p)
1654 return log_oom();
1655
1656 free_and_replace(c->root_hash_sig_path, p);
1657 c->root_hash_sig = mfree(c->root_hash_sig);
1658 c->root_hash_sig_size = 0;
1659 return 0;
1660 }
1661
1662 if (!(value = startswith(rvalue, "base64:"))) {
1663 log_syntax(unit, LOG_WARNING, filename, line, 0,
1664 "Failed to decode RootHashSignature=, not a path but doesn't start with 'base64:', ignoring: %s", rvalue);
1665 return 0;
1666 }
1667
1668 /* We have a roothash signature to decode, eg: RootHashSignature=base64:012345789abcdef */
1669 r = unbase64mem(value, strlen(value), &roothash_sig_decoded, &roothash_sig_decoded_size);
1670 if (r < 0) {
1671 log_syntax(unit, LOG_WARNING, filename, line, r, "Failed to decode RootHashSignature=, ignoring: %s", rvalue);
1672 return 0;
1673 }
1674
1675 free_and_replace(c->root_hash_sig, roothash_sig_decoded);
1676 c->root_hash_sig_size = roothash_sig_decoded_size;
1677 c->root_hash_sig_path = mfree(c->root_hash_sig_path);
1678
1679 return 0;
1680 }
1681
1682 int config_parse_exec_cpu_affinity(
1683 const char *unit,
1684 const char *filename,
1685 unsigned line,
1686 const char *section,
1687 unsigned section_line,
1688 const char *lvalue,
1689 int ltype,
1690 const char *rvalue,
1691 void *data,
1692 void *userdata) {
1693
1694 ExecContext *c = data;
1695 const Unit *u = userdata;
1696 _cleanup_free_ char *k = NULL;
1697 int r;
1698
1699 assert(filename);
1700 assert(lvalue);
1701 assert(rvalue);
1702 assert(data);
1703
1704 if (streq(rvalue, "numa")) {
1705 c->cpu_affinity_from_numa = true;
1706 cpu_set_reset(&c->cpu_set);
1707
1708 return 0;
1709 }
1710
1711 r = unit_full_printf(u, rvalue, &k);
1712 if (r < 0) {
1713 log_syntax(unit, LOG_WARNING, filename, line, r,
1714 "Failed to resolve unit specifiers in '%s', ignoring: %m",
1715 rvalue);
1716 return 0;
1717 }
1718
1719 r = parse_cpu_set_extend(k, &c->cpu_set, true, unit, filename, line, lvalue);
1720 if (r >= 0)
1721 c->cpu_affinity_from_numa = false;
1722
1723 return 0;
1724 }
1725
1726 int config_parse_capability_set(
1727 const char *unit,
1728 const char *filename,
1729 unsigned line,
1730 const char *section,
1731 unsigned section_line,
1732 const char *lvalue,
1733 int ltype,
1734 const char *rvalue,
1735 void *data,
1736 void *userdata) {
1737
1738 uint64_t *capability_set = data;
1739 uint64_t sum = 0, initial = 0;
1740 bool invert = false;
1741 int r;
1742
1743 assert(filename);
1744 assert(lvalue);
1745 assert(rvalue);
1746 assert(data);
1747
1748 if (rvalue[0] == '~') {
1749 invert = true;
1750 rvalue++;
1751 }
1752
1753 if (streq(lvalue, "CapabilityBoundingSet"))
1754 initial = CAP_ALL; /* initialized to all bits on */
1755 /* else "AmbientCapabilities" initialized to all bits off */
1756
1757 r = capability_set_from_string(rvalue, &sum);
1758 if (r < 0) {
1759 log_syntax(unit, LOG_WARNING, filename, line, r, "Failed to parse %s= specifier '%s', ignoring: %m", lvalue, rvalue);
1760 return 0;
1761 }
1762
1763 if (sum == 0 || *capability_set == initial)
1764 /* "", "~" or uninitialized data -> replace */
1765 *capability_set = invert ? ~sum : sum;
1766 else {
1767 /* previous data -> merge */
1768 if (invert)
1769 *capability_set &= ~sum;
1770 else
1771 *capability_set |= sum;
1772 }
1773
1774 return 0;
1775 }
1776
1777 int config_parse_exec_selinux_context(
1778 const char *unit,
1779 const char *filename,
1780 unsigned line,
1781 const char *section,
1782 unsigned section_line,
1783 const char *lvalue,
1784 int ltype,
1785 const char *rvalue,
1786 void *data,
1787 void *userdata) {
1788
1789 ExecContext *c = data;
1790 const Unit *u = userdata;
1791 bool ignore;
1792 char *k;
1793 int r;
1794
1795 assert(filename);
1796 assert(lvalue);
1797 assert(rvalue);
1798 assert(data);
1799
1800 if (isempty(rvalue)) {
1801 c->selinux_context = mfree(c->selinux_context);
1802 c->selinux_context_ignore = false;
1803 return 0;
1804 }
1805
1806 if (rvalue[0] == '-') {
1807 ignore = true;
1808 rvalue++;
1809 } else
1810 ignore = false;
1811
1812 r = unit_full_printf(u, rvalue, &k);
1813 if (r < 0) {
1814 log_syntax(unit, ignore ? LOG_WARNING : LOG_ERR, filename, line, r,
1815 "Failed to resolve unit specifiers in '%s'%s: %m",
1816 rvalue, ignore ? ", ignoring" : "");
1817 return ignore ? 0 : -ENOEXEC;
1818 }
1819
1820 free_and_replace(c->selinux_context, k);
1821 c->selinux_context_ignore = ignore;
1822
1823 return 0;
1824 }
1825
1826 int config_parse_exec_apparmor_profile(
1827 const char *unit,
1828 const char *filename,
1829 unsigned line,
1830 const char *section,
1831 unsigned section_line,
1832 const char *lvalue,
1833 int ltype,
1834 const char *rvalue,
1835 void *data,
1836 void *userdata) {
1837
1838 ExecContext *c = data;
1839 const Unit *u = userdata;
1840 bool ignore;
1841 char *k;
1842 int r;
1843
1844 assert(filename);
1845 assert(lvalue);
1846 assert(rvalue);
1847 assert(data);
1848
1849 if (isempty(rvalue)) {
1850 c->apparmor_profile = mfree(c->apparmor_profile);
1851 c->apparmor_profile_ignore = false;
1852 return 0;
1853 }
1854
1855 if (rvalue[0] == '-') {
1856 ignore = true;
1857 rvalue++;
1858 } else
1859 ignore = false;
1860
1861 r = unit_full_printf(u, rvalue, &k);
1862 if (r < 0) {
1863 log_syntax(unit, ignore ? LOG_WARNING : LOG_ERR, filename, line, r,
1864 "Failed to resolve unit specifiers in '%s'%s: %m",
1865 rvalue, ignore ? ", ignoring" : "");
1866 return ignore ? 0 : -ENOEXEC;
1867 }
1868
1869 free_and_replace(c->apparmor_profile, k);
1870 c->apparmor_profile_ignore = ignore;
1871
1872 return 0;
1873 }
1874
1875 int config_parse_exec_smack_process_label(
1876 const char *unit,
1877 const char *filename,
1878 unsigned line,
1879 const char *section,
1880 unsigned section_line,
1881 const char *lvalue,
1882 int ltype,
1883 const char *rvalue,
1884 void *data,
1885 void *userdata) {
1886
1887 ExecContext *c = data;
1888 const Unit *u = userdata;
1889 bool ignore;
1890 char *k;
1891 int r;
1892
1893 assert(filename);
1894 assert(lvalue);
1895 assert(rvalue);
1896 assert(data);
1897
1898 if (isempty(rvalue)) {
1899 c->smack_process_label = mfree(c->smack_process_label);
1900 c->smack_process_label_ignore = false;
1901 return 0;
1902 }
1903
1904 if (rvalue[0] == '-') {
1905 ignore = true;
1906 rvalue++;
1907 } else
1908 ignore = false;
1909
1910 r = unit_full_printf(u, rvalue, &k);
1911 if (r < 0) {
1912 log_syntax(unit, ignore ? LOG_WARNING : LOG_ERR, filename, line, r,
1913 "Failed to resolve unit specifiers in '%s'%s: %m",
1914 rvalue, ignore ? ", ignoring" : "");
1915 return ignore ? 0 : -ENOEXEC;
1916 }
1917
1918 free_and_replace(c->smack_process_label, k);
1919 c->smack_process_label_ignore = ignore;
1920
1921 return 0;
1922 }
1923
1924 int config_parse_timer(
1925 const char *unit,
1926 const char *filename,
1927 unsigned line,
1928 const char *section,
1929 unsigned section_line,
1930 const char *lvalue,
1931 int ltype,
1932 const char *rvalue,
1933 void *data,
1934 void *userdata) {
1935
1936 _cleanup_(calendar_spec_freep) CalendarSpec *c = NULL;
1937 _cleanup_free_ char *k = NULL;
1938 const Unit *u = userdata;
1939 Timer *t = data;
1940 usec_t usec = 0;
1941 TimerValue *v;
1942 int r;
1943
1944 assert(filename);
1945 assert(lvalue);
1946 assert(rvalue);
1947 assert(data);
1948
1949 if (isempty(rvalue)) {
1950 /* Empty assignment resets list */
1951 timer_free_values(t);
1952 return 0;
1953 }
1954
1955 r = unit_full_printf(u, rvalue, &k);
1956 if (r < 0) {
1957 log_syntax(unit, LOG_WARNING, filename, line, r, "Failed to resolve unit specifiers in '%s', ignoring: %m", rvalue);
1958 return 0;
1959 }
1960
1961 if (ltype == TIMER_CALENDAR) {
1962 r = calendar_spec_from_string(k, &c);
1963 if (r < 0) {
1964 log_syntax(unit, LOG_WARNING, filename, line, r, "Failed to parse calendar specification, ignoring: %s", k);
1965 return 0;
1966 }
1967 } else {
1968 r = parse_sec(k, &usec);
1969 if (r < 0) {
1970 log_syntax(unit, LOG_WARNING, filename, line, r, "Failed to parse timer value, ignoring: %s", k);
1971 return 0;
1972 }
1973 }
1974
1975 v = new(TimerValue, 1);
1976 if (!v)
1977 return log_oom();
1978
1979 *v = (TimerValue) {
1980 .base = ltype,
1981 .value = usec,
1982 .calendar_spec = TAKE_PTR(c),
1983 };
1984
1985 LIST_PREPEND(value, t->values, v);
1986
1987 return 0;
1988 }
1989
1990 int config_parse_trigger_unit(
1991 const char *unit,
1992 const char *filename,
1993 unsigned line,
1994 const char *section,
1995 unsigned section_line,
1996 const char *lvalue,
1997 int ltype,
1998 const char *rvalue,
1999 void *data,
2000 void *userdata) {
2001
2002 _cleanup_free_ char *p = NULL;
2003 Unit *u = data;
2004 UnitType type;
2005 int r;
2006
2007 assert(filename);
2008 assert(lvalue);
2009 assert(rvalue);
2010 assert(data);
2011
2012 if (UNIT_TRIGGER(u)) {
2013 log_syntax(unit, LOG_WARNING, filename, line, 0, "Multiple units to trigger specified, ignoring: %s", rvalue);
2014 return 0;
2015 }
2016
2017 r = unit_name_printf(u, rvalue, &p);
2018 if (r < 0) {
2019 log_syntax(unit, LOG_WARNING, filename, line, r, "Failed to resolve unit specifiers in %s, ignoring: %m", rvalue);
2020 return 0;
2021 }
2022
2023 type = unit_name_to_type(p);
2024 if (type < 0) {
2025 log_syntax(unit, LOG_WARNING, filename, line, type, "Unit type not valid, ignoring: %s", rvalue);
2026 return 0;
2027 }
2028 if (unit_has_name(u, p)) {
2029 log_syntax(unit, LOG_WARNING, filename, line, 0, "Units cannot trigger themselves, ignoring: %s", rvalue);
2030 return 0;
2031 }
2032
2033 r = unit_add_two_dependencies_by_name(u, UNIT_BEFORE, UNIT_TRIGGERS, p, true, UNIT_DEPENDENCY_FILE);
2034 if (r < 0) {
2035 log_syntax(unit, LOG_WARNING, filename, line, r, "Failed to add trigger on %s, ignoring: %m", p);
2036 return 0;
2037 }
2038
2039 return 0;
2040 }
2041
2042 int config_parse_path_spec(const char *unit,
2043 const char *filename,
2044 unsigned line,
2045 const char *section,
2046 unsigned section_line,
2047 const char *lvalue,
2048 int ltype,
2049 const char *rvalue,
2050 void *data,
2051 void *userdata) {
2052
2053 Path *p = data;
2054 PathSpec *s;
2055 PathType b;
2056 _cleanup_free_ char *k = NULL;
2057 int r;
2058
2059 assert(filename);
2060 assert(lvalue);
2061 assert(rvalue);
2062 assert(data);
2063
2064 if (isempty(rvalue)) {
2065 /* Empty assignment clears list */
2066 path_free_specs(p);
2067 return 0;
2068 }
2069
2070 b = path_type_from_string(lvalue);
2071 if (b < 0) {
2072 log_syntax(unit, LOG_WARNING, filename, line, b, "Failed to parse path type, ignoring: %s", lvalue);
2073 return 0;
2074 }
2075
2076 r = unit_path_printf(UNIT(p), rvalue, &k);
2077 if (r < 0) {
2078 log_syntax(unit, LOG_WARNING, filename, line, r, "Failed to resolve unit specifiers in %s, ignoring: %m", rvalue);
2079 return 0;
2080 }
2081
2082 r = path_simplify_and_warn(k, PATH_CHECK_ABSOLUTE, unit, filename, line, lvalue);
2083 if (r < 0)
2084 return 0;
2085
2086 s = new0(PathSpec, 1);
2087 if (!s)
2088 return log_oom();
2089
2090 s->unit = UNIT(p);
2091 s->path = TAKE_PTR(k);
2092 s->type = b;
2093 s->inotify_fd = -1;
2094
2095 LIST_PREPEND(spec, p->specs, s);
2096
2097 return 0;
2098 }
2099
2100 int config_parse_socket_service(
2101 const char *unit,
2102 const char *filename,
2103 unsigned line,
2104 const char *section,
2105 unsigned section_line,
2106 const char *lvalue,
2107 int ltype,
2108 const char *rvalue,
2109 void *data,
2110 void *userdata) {
2111
2112 _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
2113 _cleanup_free_ char *p = NULL;
2114 Socket *s = data;
2115 Unit *x;
2116 int r;
2117
2118 assert(filename);
2119 assert(lvalue);
2120 assert(rvalue);
2121 assert(data);
2122
2123 r = unit_name_printf(UNIT(s), rvalue, &p);
2124 if (r < 0) {
2125 log_syntax(unit, LOG_WARNING, filename, line, r, "Failed to resolve unit specifiers in %s, ignoring: %m", rvalue);
2126 return 0;
2127 }
2128
2129 if (!endswith(p, ".service")) {
2130 log_syntax(unit, LOG_WARNING, filename, line, 0, "Unit must be of type service, ignoring: %s", rvalue);
2131 return 0;
2132 }
2133
2134 r = manager_load_unit(UNIT(s)->manager, p, NULL, &error, &x);
2135 if (r < 0) {
2136 log_syntax(unit, LOG_WARNING, filename, line, r, "Failed to load unit %s, ignoring: %s", rvalue, bus_error_message(&error, r));
2137 return 0;
2138 }
2139
2140 unit_ref_set(&s->service, UNIT(s), x);
2141
2142 return 0;
2143 }
2144
2145 int config_parse_fdname(
2146 const char *unit,
2147 const char *filename,
2148 unsigned line,
2149 const char *section,
2150 unsigned section_line,
2151 const char *lvalue,
2152 int ltype,
2153 const char *rvalue,
2154 void *data,
2155 void *userdata) {
2156
2157 _cleanup_free_ char *p = NULL;
2158 Socket *s = data;
2159 int r;
2160
2161 assert(filename);
2162 assert(lvalue);
2163 assert(rvalue);
2164 assert(data);
2165
2166 if (isempty(rvalue)) {
2167 s->fdname = mfree(s->fdname);
2168 return 0;
2169 }
2170
2171 r = unit_fd_printf(UNIT(s), rvalue, &p);
2172 if (r < 0) {
2173 log_syntax(unit, LOG_WARNING, filename, line, r, "Failed to resolve unit specifiers in '%s', ignoring: %m", rvalue);
2174 return 0;
2175 }
2176
2177 if (!fdname_is_valid(p)) {
2178 log_syntax(unit, LOG_WARNING, filename, line, 0, "Invalid file descriptor name, ignoring: %s", p);
2179 return 0;
2180 }
2181
2182 return free_and_replace(s->fdname, p);
2183 }
2184
2185 int config_parse_service_sockets(
2186 const char *unit,
2187 const char *filename,
2188 unsigned line,
2189 const char *section,
2190 unsigned section_line,
2191 const char *lvalue,
2192 int ltype,
2193 const char *rvalue,
2194 void *data,
2195 void *userdata) {
2196
2197 Service *s = data;
2198 int r;
2199
2200 assert(filename);
2201 assert(lvalue);
2202 assert(rvalue);
2203 assert(data);
2204
2205 for (const char *p = rvalue;;) {
2206 _cleanup_free_ char *word = NULL, *k = NULL;
2207
2208 r = extract_first_word(&p, &word, NULL, 0);
2209 if (r == -ENOMEM)
2210 return log_oom();
2211 if (r < 0) {
2212 log_syntax(unit, LOG_WARNING, filename, line, r, "Trailing garbage in sockets, ignoring: %s", rvalue);
2213 return 0;
2214 }
2215 if (r == 0)
2216 return 0;
2217
2218 r = unit_name_printf(UNIT(s), word, &k);
2219 if (r < 0) {
2220 log_syntax(unit, LOG_WARNING, filename, line, r, "Failed to resolve unit specifiers in '%s', ignoring: %m", word);
2221 continue;
2222 }
2223
2224 if (!endswith(k, ".socket")) {
2225 log_syntax(unit, LOG_WARNING, filename, line, 0, "Unit must be of type socket, ignoring: %s", k);
2226 continue;
2227 }
2228
2229 r = unit_add_two_dependencies_by_name(UNIT(s), UNIT_WANTS, UNIT_AFTER, k, true, UNIT_DEPENDENCY_FILE);
2230 if (r < 0)
2231 log_syntax(unit, LOG_WARNING, filename, line, r, "Failed to add dependency on %s, ignoring: %m", k);
2232
2233 r = unit_add_dependency_by_name(UNIT(s), UNIT_TRIGGERED_BY, k, true, UNIT_DEPENDENCY_FILE);
2234 if (r < 0)
2235 log_syntax(unit, LOG_WARNING, filename, line, r, "Failed to add dependency on %s, ignoring: %m", k);
2236 }
2237 }
2238
2239 int config_parse_bus_name(
2240 const char *unit,
2241 const char *filename,
2242 unsigned line,
2243 const char *section,
2244 unsigned section_line,
2245 const char *lvalue,
2246 int ltype,
2247 const char *rvalue,
2248 void *data,
2249 void *userdata) {
2250
2251 _cleanup_free_ char *k = NULL;
2252 const Unit *u = userdata;
2253 int r;
2254
2255 assert(filename);
2256 assert(lvalue);
2257 assert(rvalue);
2258 assert(u);
2259
2260 r = unit_full_printf_full(u, rvalue, SD_BUS_MAXIMUM_NAME_LENGTH, &k);
2261 if (r < 0) {
2262 log_syntax(unit, LOG_WARNING, filename, line, r, "Failed to resolve unit specifiers in %s, ignoring: %m", rvalue);
2263 return 0;
2264 }
2265
2266 if (!sd_bus_service_name_is_valid(k)) {
2267 log_syntax(unit, LOG_WARNING, filename, line, 0, "Invalid bus name, ignoring: %s", k);
2268 return 0;
2269 }
2270
2271 return config_parse_string(unit, filename, line, section, section_line, lvalue, ltype, k, data, userdata);
2272 }
2273
2274 int config_parse_service_timeout(
2275 const char *unit,
2276 const char *filename,
2277 unsigned line,
2278 const char *section,
2279 unsigned section_line,
2280 const char *lvalue,
2281 int ltype,
2282 const char *rvalue,
2283 void *data,
2284 void *userdata) {
2285
2286 Service *s = userdata;
2287 usec_t usec;
2288 int r;
2289
2290 assert(filename);
2291 assert(lvalue);
2292 assert(rvalue);
2293 assert(s);
2294
2295 /* This is called for two cases: TimeoutSec= and TimeoutStartSec=. */
2296
2297 /* Traditionally, these options accepted 0 to disable the timeouts. However, a timeout of 0 suggests it happens
2298 * immediately, hence fix this to become USEC_INFINITY instead. This is in-line with how we internally handle
2299 * all other timeouts. */
2300 r = parse_sec_fix_0(rvalue, &usec);
2301 if (r < 0) {
2302 log_syntax(unit, LOG_WARNING, filename, line, r, "Failed to parse %s= parameter, ignoring: %s", lvalue, rvalue);
2303 return 0;
2304 }
2305
2306 s->start_timeout_defined = true;
2307 s->timeout_start_usec = usec;
2308
2309 if (streq(lvalue, "TimeoutSec"))
2310 s->timeout_stop_usec = usec;
2311
2312 return 0;
2313 }
2314
2315 int config_parse_timeout_abort(
2316 const char *unit,
2317 const char *filename,
2318 unsigned line,
2319 const char *section,
2320 unsigned section_line,
2321 const char *lvalue,
2322 int ltype,
2323 const char *rvalue,
2324 void *data,
2325 void *userdata) {
2326
2327 usec_t *ret = data;
2328 int r;
2329
2330 assert(filename);
2331 assert(lvalue);
2332 assert(rvalue);
2333 assert(ret);
2334
2335 /* Note: apart from setting the arg, this returns an extra bit of information in the return value. */
2336
2337 if (isempty(rvalue)) {
2338 *ret = 0;
2339 return 0; /* "not set" */
2340 }
2341
2342 r = parse_sec(rvalue, ret);
2343 if (r < 0)
2344 return log_syntax(unit, LOG_WARNING, filename, line, r, "Failed to parse %s= setting, ignoring: %s", lvalue, rvalue);
2345
2346 return 1; /* "set" */
2347 }
2348
2349 int config_parse_service_timeout_abort(
2350 const char *unit,
2351 const char *filename,
2352 unsigned line,
2353 const char *section,
2354 unsigned section_line,
2355 const char *lvalue,
2356 int ltype,
2357 const char *rvalue,
2358 void *data,
2359 void *userdata) {
2360
2361 Service *s = userdata;
2362 int r;
2363
2364 assert(s);
2365
2366 r = config_parse_timeout_abort(unit, filename, line, section, section_line, lvalue, ltype, rvalue,
2367 &s->timeout_abort_usec, s);
2368 if (r >= 0)
2369 s->timeout_abort_set = r;
2370 return 0;
2371 }
2372
2373 int config_parse_sec_fix_0(
2374 const char *unit,
2375 const char *filename,
2376 unsigned line,
2377 const char *section,
2378 unsigned section_line,
2379 const char *lvalue,
2380 int ltype,
2381 const char *rvalue,
2382 void *data,
2383 void *userdata) {
2384
2385 usec_t *usec = data;
2386 int r;
2387
2388 assert(filename);
2389 assert(lvalue);
2390 assert(rvalue);
2391 assert(usec);
2392
2393 /* This is pretty much like config_parse_sec(), except that this treats a time of 0 as infinity, for
2394 * compatibility with older versions of systemd where 0 instead of infinity was used as indicator to turn off a
2395 * timeout. */
2396
2397 r = parse_sec_fix_0(rvalue, usec);
2398 if (r < 0)
2399 log_syntax(unit, LOG_WARNING, filename, line, r, "Failed to parse %s= parameter, ignoring: %s", lvalue, rvalue);
2400
2401 return 0;
2402 }
2403
2404 int config_parse_user_group_compat(
2405 const char *unit,
2406 const char *filename,
2407 unsigned line,
2408 const char *section,
2409 unsigned section_line,
2410 const char *lvalue,
2411 int ltype,
2412 const char *rvalue,
2413 void *data,
2414 void *userdata) {
2415
2416 _cleanup_free_ char *k = NULL;
2417 char **user = data;
2418 const Unit *u = userdata;
2419 int r;
2420
2421 assert(filename);
2422 assert(lvalue);
2423 assert(rvalue);
2424 assert(u);
2425
2426 if (isempty(rvalue)) {
2427 *user = mfree(*user);
2428 return 0;
2429 }
2430
2431 r = unit_full_printf(u, rvalue, &k);
2432 if (r < 0) {
2433 log_syntax(unit, LOG_ERR, filename, line, r, "Failed to resolve unit specifiers in %s: %m", rvalue);
2434 return -ENOEXEC;
2435 }
2436
2437 if (!valid_user_group_name(k, VALID_USER_ALLOW_NUMERIC|VALID_USER_RELAX|VALID_USER_WARN)) {
2438 log_syntax(unit, LOG_ERR, filename, line, 0, "Invalid user/group name or numeric ID: %s", k);
2439 return -ENOEXEC;
2440 }
2441
2442 if (strstr(lvalue, "User") && streq(k, NOBODY_USER_NAME))
2443 log_struct(LOG_NOTICE,
2444 "MESSAGE=%s:%u: Special user %s configured, this is not safe!", filename, line, k,
2445 "UNIT=%s", unit,
2446 "MESSAGE_ID=" SD_MESSAGE_NOBODY_USER_UNSUITABLE_STR,
2447 "OFFENDING_USER=%s", k,
2448 "CONFIG_FILE=%s", filename,
2449 "CONFIG_LINE=%u", line);
2450
2451 return free_and_replace(*user, k);
2452 }
2453
2454 int config_parse_user_group_strv_compat(
2455 const char *unit,
2456 const char *filename,
2457 unsigned line,
2458 const char *section,
2459 unsigned section_line,
2460 const char *lvalue,
2461 int ltype,
2462 const char *rvalue,
2463 void *data,
2464 void *userdata) {
2465
2466 char ***users = data;
2467 const Unit *u = userdata;
2468 int r;
2469
2470 assert(filename);
2471 assert(lvalue);
2472 assert(rvalue);
2473 assert(u);
2474
2475 if (isempty(rvalue)) {
2476 *users = strv_free(*users);
2477 return 0;
2478 }
2479
2480 for (const char *p = rvalue;;) {
2481 _cleanup_free_ char *word = NULL, *k = NULL;
2482
2483 r = extract_first_word(&p, &word, NULL, 0);
2484 if (r == -ENOMEM)
2485 return log_oom();
2486 if (r < 0) {
2487 log_syntax(unit, LOG_ERR, filename, line, r, "Invalid syntax: %s", rvalue);
2488 return -ENOEXEC;
2489 }
2490 if (r == 0)
2491 return 0;
2492
2493 r = unit_full_printf(u, word, &k);
2494 if (r < 0) {
2495 log_syntax(unit, LOG_ERR, filename, line, r, "Failed to resolve unit specifiers in %s: %m", word);
2496 return -ENOEXEC;
2497 }
2498
2499 if (!valid_user_group_name(k, VALID_USER_ALLOW_NUMERIC|VALID_USER_RELAX|VALID_USER_WARN)) {
2500 log_syntax(unit, LOG_ERR, filename, line, 0, "Invalid user/group name or numeric ID: %s", k);
2501 return -ENOEXEC;
2502 }
2503
2504 r = strv_push(users, k);
2505 if (r < 0)
2506 return log_oom();
2507
2508 k = NULL;
2509 }
2510 }
2511
2512 int config_parse_working_directory(
2513 const char *unit,
2514 const char *filename,
2515 unsigned line,
2516 const char *section,
2517 unsigned section_line,
2518 const char *lvalue,
2519 int ltype,
2520 const char *rvalue,
2521 void *data,
2522 void *userdata) {
2523
2524 ExecContext *c = data;
2525 const Unit *u = userdata;
2526 bool missing_ok;
2527 int r;
2528
2529 assert(filename);
2530 assert(lvalue);
2531 assert(rvalue);
2532 assert(c);
2533 assert(u);
2534
2535 if (isempty(rvalue)) {
2536 c->working_directory_home = false;
2537 c->working_directory = mfree(c->working_directory);
2538 return 0;
2539 }
2540
2541 if (rvalue[0] == '-') {
2542 missing_ok = true;
2543 rvalue++;
2544 } else
2545 missing_ok = false;
2546
2547 if (streq(rvalue, "~")) {
2548 c->working_directory_home = true;
2549 c->working_directory = mfree(c->working_directory);
2550 } else {
2551 _cleanup_free_ char *k = NULL;
2552
2553 r = unit_path_printf(u, rvalue, &k);
2554 if (r < 0) {
2555 log_syntax(unit, missing_ok ? LOG_WARNING : LOG_ERR, filename, line, r,
2556 "Failed to resolve unit specifiers in working directory path '%s'%s: %m",
2557 rvalue, missing_ok ? ", ignoring" : "");
2558 return missing_ok ? 0 : -ENOEXEC;
2559 }
2560
2561 r = path_simplify_and_warn(k, PATH_CHECK_ABSOLUTE | (missing_ok ? 0 : PATH_CHECK_FATAL), unit, filename, line, lvalue);
2562 if (r < 0)
2563 return missing_ok ? 0 : -ENOEXEC;
2564
2565 c->working_directory_home = false;
2566 free_and_replace(c->working_directory, k);
2567 }
2568
2569 c->working_directory_missing_ok = missing_ok;
2570 return 0;
2571 }
2572
2573 int config_parse_unit_env_file(const char *unit,
2574 const char *filename,
2575 unsigned line,
2576 const char *section,
2577 unsigned section_line,
2578 const char *lvalue,
2579 int ltype,
2580 const char *rvalue,
2581 void *data,
2582 void *userdata) {
2583
2584 char ***env = data;
2585 const Unit *u = userdata;
2586 _cleanup_free_ char *n = NULL;
2587 int r;
2588
2589 assert(filename);
2590 assert(lvalue);
2591 assert(rvalue);
2592 assert(data);
2593
2594 if (isempty(rvalue)) {
2595 /* Empty assignment frees the list */
2596 *env = strv_free(*env);
2597 return 0;
2598 }
2599
2600 r = unit_full_printf_full(u, rvalue, PATH_MAX, &n);
2601 if (r < 0) {
2602 log_syntax(unit, LOG_WARNING, filename, line, r, "Failed to resolve unit specifiers in '%s', ignoring: %m", rvalue);
2603 return 0;
2604 }
2605
2606 r = path_simplify_and_warn(n[0] == '-' ? n + 1 : n, PATH_CHECK_ABSOLUTE, unit, filename, line, lvalue);
2607 if (r < 0)
2608 return 0;
2609
2610 r = strv_push(env, n);
2611 if (r < 0)
2612 return log_oom();
2613
2614 n = NULL;
2615
2616 return 0;
2617 }
2618
2619 int config_parse_environ(
2620 const char *unit,
2621 const char *filename,
2622 unsigned line,
2623 const char *section,
2624 unsigned section_line,
2625 const char *lvalue,
2626 int ltype,
2627 const char *rvalue,
2628 void *data,
2629 void *userdata) {
2630
2631 const Unit *u = userdata;
2632 char ***env = data;
2633 int r;
2634
2635 assert(filename);
2636 assert(lvalue);
2637 assert(rvalue);
2638 assert(data);
2639
2640 if (isempty(rvalue)) {
2641 /* Empty assignment resets the list */
2642 *env = strv_free(*env);
2643 return 0;
2644 }
2645
2646 for (const char *p = rvalue;; ) {
2647 _cleanup_free_ char *word = NULL, *resolved = NULL;
2648
2649 r = extract_first_word(&p, &word, NULL, EXTRACT_CUNESCAPE|EXTRACT_UNQUOTE);
2650 if (r == -ENOMEM)
2651 return log_oom();
2652 if (r < 0) {
2653 log_syntax(unit, LOG_WARNING, filename, line, r,
2654 "Invalid syntax, ignoring: %s", rvalue);
2655 return 0;
2656 }
2657 if (r == 0)
2658 return 0;
2659
2660 if (u)
2661 r = unit_env_printf(u, word, &resolved);
2662 else
2663 r = specifier_printf(word, sc_arg_max(), system_and_tmp_specifier_table, NULL, &resolved);
2664 if (r < 0) {
2665 log_syntax(unit, LOG_WARNING, filename, line, r,
2666 "Failed to resolve specifiers in %s, ignoring: %m", word);
2667 continue;
2668 }
2669
2670 if (!env_assignment_is_valid(resolved)) {
2671 log_syntax(unit, LOG_WARNING, filename, line, 0,
2672 "Invalid environment assignment, ignoring: %s", resolved);
2673 continue;
2674 }
2675
2676 r = strv_env_replace_consume(env, TAKE_PTR(resolved));
2677 if (r < 0)
2678 return log_error_errno(r, "Failed to update environment: %m");
2679 }
2680 }
2681
2682 int config_parse_pass_environ(
2683 const char *unit,
2684 const char *filename,
2685 unsigned line,
2686 const char *section,
2687 unsigned section_line,
2688 const char *lvalue,
2689 int ltype,
2690 const char *rvalue,
2691 void *data,
2692 void *userdata) {
2693
2694 _cleanup_strv_free_ char **n = NULL;
2695 const Unit *u = userdata;
2696 char*** passenv = data;
2697 size_t nlen = 0;
2698 int r;
2699
2700 assert(filename);
2701 assert(lvalue);
2702 assert(rvalue);
2703 assert(data);
2704
2705 if (isempty(rvalue)) {
2706 /* Empty assignment resets the list */
2707 *passenv = strv_free(*passenv);
2708 return 0;
2709 }
2710
2711 for (const char *p = rvalue;;) {
2712 _cleanup_free_ char *word = NULL, *k = NULL;
2713
2714 r = extract_first_word(&p, &word, NULL, EXTRACT_UNQUOTE);
2715 if (r == -ENOMEM)
2716 return log_oom();
2717 if (r < 0) {
2718 log_syntax(unit, LOG_WARNING, filename, line, r,
2719 "Trailing garbage in %s, ignoring: %s", lvalue, rvalue);
2720 break;
2721 }
2722 if (r == 0)
2723 break;
2724
2725 if (u) {
2726 r = unit_env_printf(u, word, &k);
2727 if (r < 0) {
2728 log_syntax(unit, LOG_WARNING, filename, line, r,
2729 "Failed to resolve specifiers in %s, ignoring: %m", word);
2730 continue;
2731 }
2732 } else
2733 k = TAKE_PTR(word);
2734
2735 if (!env_name_is_valid(k)) {
2736 log_syntax(unit, LOG_WARNING, filename, line, 0,
2737 "Invalid environment name for %s, ignoring: %s", lvalue, k);
2738 continue;
2739 }
2740
2741 if (!GREEDY_REALLOC(n, nlen + 2))
2742 return log_oom();
2743
2744 n[nlen++] = TAKE_PTR(k);
2745 n[nlen] = NULL;
2746 }
2747
2748 if (n) {
2749 r = strv_extend_strv(passenv, n, true);
2750 if (r < 0)
2751 return log_oom();
2752 }
2753
2754 return 0;
2755 }
2756
2757 int config_parse_unset_environ(
2758 const char *unit,
2759 const char *filename,
2760 unsigned line,
2761 const char *section,
2762 unsigned section_line,
2763 const char *lvalue,
2764 int ltype,
2765 const char *rvalue,
2766 void *data,
2767 void *userdata) {
2768
2769 _cleanup_strv_free_ char **n = NULL;
2770 char*** unsetenv = data;
2771 const Unit *u = userdata;
2772 size_t nlen = 0;
2773 int r;
2774
2775 assert(filename);
2776 assert(lvalue);
2777 assert(rvalue);
2778 assert(data);
2779
2780 if (isempty(rvalue)) {
2781 /* Empty assignment resets the list */
2782 *unsetenv = strv_free(*unsetenv);
2783 return 0;
2784 }
2785
2786 for (const char *p = rvalue;;) {
2787 _cleanup_free_ char *word = NULL, *k = NULL;
2788
2789 r = extract_first_word(&p, &word, NULL, EXTRACT_CUNESCAPE|EXTRACT_UNQUOTE);
2790 if (r == -ENOMEM)
2791 return log_oom();
2792 if (r < 0) {
2793 log_syntax(unit, LOG_WARNING, filename, line, r,
2794 "Trailing garbage in %s, ignoring: %s", lvalue, rvalue);
2795 break;
2796 }
2797 if (r == 0)
2798 break;
2799
2800 if (u) {
2801 r = unit_env_printf(u, word, &k);
2802 if (r < 0) {
2803 log_syntax(unit, LOG_WARNING, filename, line, r,
2804 "Failed to resolve unit specifiers in %s, ignoring: %m", word);
2805 continue;
2806 }
2807 } else
2808 k = TAKE_PTR(word);
2809
2810 if (!env_assignment_is_valid(k) && !env_name_is_valid(k)) {
2811 log_syntax(unit, LOG_WARNING, filename, line, 0,
2812 "Invalid environment name or assignment %s, ignoring: %s", lvalue, k);
2813 continue;
2814 }
2815
2816 if (!GREEDY_REALLOC(n, nlen + 2))
2817 return log_oom();
2818
2819 n[nlen++] = TAKE_PTR(k);
2820 n[nlen] = NULL;
2821 }
2822
2823 if (n) {
2824 r = strv_extend_strv(unsetenv, n, true);
2825 if (r < 0)
2826 return log_oom();
2827 }
2828
2829 return 0;
2830 }
2831
2832 int config_parse_log_extra_fields(
2833 const char *unit,
2834 const char *filename,
2835 unsigned line,
2836 const char *section,
2837 unsigned section_line,
2838 const char *lvalue,
2839 int ltype,
2840 const char *rvalue,
2841 void *data,
2842 void *userdata) {
2843
2844 ExecContext *c = data;
2845 const Unit *u = userdata;
2846 int r;
2847
2848 assert(filename);
2849 assert(lvalue);
2850 assert(rvalue);
2851 assert(c);
2852
2853 if (isempty(rvalue)) {
2854 exec_context_free_log_extra_fields(c);
2855 return 0;
2856 }
2857
2858 for (const char *p = rvalue;;) {
2859 _cleanup_free_ char *word = NULL, *k = NULL;
2860 struct iovec *t;
2861 const char *eq;
2862
2863 r = extract_first_word(&p, &word, NULL, EXTRACT_CUNESCAPE|EXTRACT_UNQUOTE);
2864 if (r == -ENOMEM)
2865 return log_oom();
2866 if (r < 0) {
2867 log_syntax(unit, LOG_WARNING, filename, line, r, "Invalid syntax, ignoring: %s", rvalue);
2868 return 0;
2869 }
2870 if (r == 0)
2871 return 0;
2872
2873 r = unit_full_printf(u, word, &k);
2874 if (r < 0) {
2875 log_syntax(unit, LOG_WARNING, filename, line, r, "Failed to resolve unit specifiers in %s, ignoring: %m", word);
2876 continue;
2877 }
2878
2879 eq = strchr(k, '=');
2880 if (!eq) {
2881 log_syntax(unit, LOG_WARNING, filename, line, 0, "Log field lacks '=' character, ignoring: %s", k);
2882 continue;
2883 }
2884
2885 if (!journal_field_valid(k, eq-k, false)) {
2886 log_syntax(unit, LOG_WARNING, filename, line, 0, "Log field name is invalid, ignoring: %s", k);
2887 continue;
2888 }
2889
2890 t = reallocarray(c->log_extra_fields, c->n_log_extra_fields+1, sizeof(struct iovec));
2891 if (!t)
2892 return log_oom();
2893
2894 c->log_extra_fields = t;
2895 c->log_extra_fields[c->n_log_extra_fields++] = IOVEC_MAKE_STRING(k);
2896
2897 k = NULL;
2898 }
2899 }
2900
2901 int config_parse_log_namespace(
2902 const char *unit,
2903 const char *filename,
2904 unsigned line,
2905 const char *section,
2906 unsigned section_line,
2907 const char *lvalue,
2908 int ltype,
2909 const char *rvalue,
2910 void *data,
2911 void *userdata) {
2912
2913 _cleanup_free_ char *k = NULL;
2914 ExecContext *c = data;
2915 const Unit *u = userdata;
2916 int r;
2917
2918 assert(filename);
2919 assert(lvalue);
2920 assert(rvalue);
2921 assert(c);
2922
2923 if (isempty(rvalue)) {
2924 c->log_namespace = mfree(c->log_namespace);
2925 return 0;
2926 }
2927
2928 r = unit_full_printf_full(u, rvalue, NAME_MAX, &k);
2929 if (r < 0) {
2930 log_syntax(unit, LOG_WARNING, filename, line, r, "Failed to resolve unit specifiers in %s, ignoring: %m", rvalue);
2931 return 0;
2932 }
2933
2934 if (!log_namespace_name_valid(k)) {
2935 log_syntax(unit, LOG_WARNING, filename, line, 0, "Specified log namespace name is not valid, ignoring: %s", k);
2936 return 0;
2937 }
2938
2939 free_and_replace(c->log_namespace, k);
2940 return 0;
2941 }
2942
2943 int config_parse_unit_condition_path(
2944 const char *unit,
2945 const char *filename,
2946 unsigned line,
2947 const char *section,
2948 unsigned section_line,
2949 const char *lvalue,
2950 int ltype,
2951 const char *rvalue,
2952 void *data,
2953 void *userdata) {
2954
2955 _cleanup_free_ char *p = NULL;
2956 Condition **list = data, *c;
2957 ConditionType t = ltype;
2958 bool trigger, negate;
2959 const Unit *u = userdata;
2960 int r;
2961
2962 assert(filename);
2963 assert(lvalue);
2964 assert(rvalue);
2965 assert(data);
2966
2967 if (isempty(rvalue)) {
2968 /* Empty assignment resets the list */
2969 *list = condition_free_list(*list);
2970 return 0;
2971 }
2972
2973 trigger = rvalue[0] == '|';
2974 if (trigger)
2975 rvalue++;
2976
2977 negate = rvalue[0] == '!';
2978 if (negate)
2979 rvalue++;
2980
2981 r = unit_path_printf(u, rvalue, &p);
2982 if (r < 0) {
2983 log_syntax(unit, LOG_WARNING, filename, line, r, "Failed to resolve unit specifiers in %s, ignoring: %m", rvalue);
2984 return 0;
2985 }
2986
2987 r = path_simplify_and_warn(p, PATH_CHECK_ABSOLUTE, unit, filename, line, lvalue);
2988 if (r < 0)
2989 return 0;
2990
2991 c = condition_new(t, p, trigger, negate);
2992 if (!c)
2993 return log_oom();
2994
2995 LIST_PREPEND(conditions, *list, c);
2996 return 0;
2997 }
2998
2999 int config_parse_unit_condition_string(
3000 const char *unit,
3001 const char *filename,
3002 unsigned line,
3003 const char *section,
3004 unsigned section_line,
3005 const char *lvalue,
3006 int ltype,
3007 const char *rvalue,
3008 void *data,
3009 void *userdata) {
3010
3011 _cleanup_free_ char *s = NULL;
3012 Condition **list = data, *c;
3013 ConditionType t = ltype;
3014 bool trigger, negate;
3015 const Unit *u = userdata;
3016 int r;
3017
3018 assert(filename);
3019 assert(lvalue);
3020 assert(rvalue);
3021 assert(data);
3022
3023 if (isempty(rvalue)) {
3024 /* Empty assignment resets the list */
3025 *list = condition_free_list(*list);
3026 return 0;
3027 }
3028
3029 trigger = *rvalue == '|';
3030 if (trigger)
3031 rvalue += 1 + strspn(rvalue + 1, WHITESPACE);
3032
3033 negate = *rvalue == '!';
3034 if (negate)
3035 rvalue += 1 + strspn(rvalue + 1, WHITESPACE);
3036
3037 r = unit_full_printf(u, rvalue, &s);
3038 if (r < 0) {
3039 log_syntax(unit, LOG_WARNING, filename, line, r,
3040 "Failed to resolve unit specifiers in '%s', ignoring: %m", rvalue);
3041 return 0;
3042 }
3043
3044 c = condition_new(t, s, trigger, negate);
3045 if (!c)
3046 return log_oom();
3047
3048 LIST_PREPEND(conditions, *list, c);
3049 return 0;
3050 }
3051
3052 int config_parse_unit_requires_mounts_for(
3053 const char *unit,
3054 const char *filename,
3055 unsigned line,
3056 const char *section,
3057 unsigned section_line,
3058 const char *lvalue,
3059 int ltype,
3060 const char *rvalue,
3061 void *data,
3062 void *userdata) {
3063
3064 Unit *u = userdata;
3065 int r;
3066
3067 assert(filename);
3068 assert(lvalue);
3069 assert(rvalue);
3070 assert(data);
3071
3072 for (const char *p = rvalue;;) {
3073 _cleanup_free_ char *word = NULL, *resolved = NULL;
3074
3075 r = extract_first_word(&p, &word, NULL, EXTRACT_UNQUOTE);
3076 if (r == -ENOMEM)
3077 return log_oom();
3078 if (r < 0) {
3079 log_syntax(unit, LOG_WARNING, filename, line, r,
3080 "Invalid syntax, ignoring: %s", rvalue);
3081 return 0;
3082 }
3083 if (r == 0)
3084 return 0;
3085
3086 r = unit_path_printf(u, word, &resolved);
3087 if (r < 0) {
3088 log_syntax(unit, LOG_WARNING, filename, line, r, "Failed to resolve unit specifiers in '%s', ignoring: %m", word);
3089 continue;
3090 }
3091
3092 r = path_simplify_and_warn(resolved, PATH_CHECK_ABSOLUTE, unit, filename, line, lvalue);
3093 if (r < 0)
3094 continue;
3095
3096 r = unit_require_mounts_for(u, resolved, UNIT_DEPENDENCY_FILE);
3097 if (r < 0) {
3098 log_syntax(unit, LOG_WARNING, filename, line, r, "Failed to add required mount '%s', ignoring: %m", resolved);
3099 continue;
3100 }
3101 }
3102 }
3103
3104 int config_parse_documentation(
3105 const char *unit,
3106 const char *filename,
3107 unsigned line,
3108 const char *section,
3109 unsigned section_line,
3110 const char *lvalue,
3111 int ltype,
3112 const char *rvalue,
3113 void *data,
3114 void *userdata) {
3115
3116 Unit *u = userdata;
3117 int r;
3118 char **a, **b;
3119
3120 assert(filename);
3121 assert(lvalue);
3122 assert(rvalue);
3123 assert(u);
3124
3125 if (isempty(rvalue)) {
3126 /* Empty assignment resets the list */
3127 u->documentation = strv_free(u->documentation);
3128 return 0;
3129 }
3130
3131 r = config_parse_unit_strv_printf(unit, filename, line, section, section_line, lvalue, ltype,
3132 rvalue, data, userdata);
3133 if (r < 0)
3134 return r;
3135
3136 for (a = b = u->documentation; a && *a; a++) {
3137
3138 if (documentation_url_is_valid(*a))
3139 *(b++) = *a;
3140 else {
3141 log_syntax(unit, LOG_WARNING, filename, line, 0, "Invalid URL, ignoring: %s", *a);
3142 free(*a);
3143 }
3144 }
3145 if (b)
3146 *b = NULL;
3147
3148 return 0;
3149 }
3150
3151 #if HAVE_SECCOMP
3152 int config_parse_syscall_filter(
3153 const char *unit,
3154 const char *filename,
3155 unsigned line,
3156 const char *section,
3157 unsigned section_line,
3158 const char *lvalue,
3159 int ltype,
3160 const char *rvalue,
3161 void *data,
3162 void *userdata) {
3163
3164 ExecContext *c = data;
3165 _unused_ const Unit *u = userdata;
3166 bool invert = false;
3167 int r;
3168
3169 assert(filename);
3170 assert(lvalue);
3171 assert(rvalue);
3172 assert(u);
3173
3174 if (isempty(rvalue)) {
3175 /* Empty assignment resets the list */
3176 c->syscall_filter = hashmap_free(c->syscall_filter);
3177 c->syscall_allow_list = false;
3178 return 0;
3179 }
3180
3181 if (rvalue[0] == '~') {
3182 invert = true;
3183 rvalue++;
3184 }
3185
3186 if (!c->syscall_filter) {
3187 c->syscall_filter = hashmap_new(NULL);
3188 if (!c->syscall_filter)
3189 return log_oom();
3190
3191 if (invert)
3192 /* Allow everything but the ones listed */
3193 c->syscall_allow_list = false;
3194 else {
3195 /* Allow nothing but the ones listed */
3196 c->syscall_allow_list = true;
3197
3198 /* Accept default syscalls if we are on a allow_list */
3199 r = seccomp_parse_syscall_filter(
3200 "@default", -1, c->syscall_filter,
3201 SECCOMP_PARSE_PERMISSIVE|SECCOMP_PARSE_ALLOW_LIST,
3202 unit,
3203 NULL, 0);
3204 if (r < 0)
3205 return r;
3206 }
3207 }
3208
3209 for (const char *p = rvalue;;) {
3210 _cleanup_free_ char *word = NULL, *name = NULL;
3211 int num;
3212
3213 r = extract_first_word(&p, &word, NULL, 0);
3214 if (r == -ENOMEM)
3215 return log_oom();
3216 if (r < 0) {
3217 log_syntax(unit, LOG_WARNING, filename, line, r,
3218 "Invalid syntax, ignoring: %s", rvalue);
3219 return 0;
3220 }
3221 if (r == 0)
3222 return 0;
3223
3224 r = parse_syscall_and_errno(word, &name, &num);
3225 if (r < 0) {
3226 log_syntax(unit, LOG_WARNING, filename, line, r,
3227 "Failed to parse syscall:errno, ignoring: %s", word);
3228 continue;
3229 }
3230 if (!invert && num >= 0) {
3231 log_syntax(unit, LOG_WARNING, filename, line, 0,
3232 "Allow-listed system calls cannot take error number, ignoring: %s", word);
3233 continue;
3234 }
3235
3236 r = seccomp_parse_syscall_filter(
3237 name, num, c->syscall_filter,
3238 SECCOMP_PARSE_LOG|SECCOMP_PARSE_PERMISSIVE|
3239 (invert ? SECCOMP_PARSE_INVERT : 0)|
3240 (c->syscall_allow_list ? SECCOMP_PARSE_ALLOW_LIST : 0),
3241 unit, filename, line);
3242 if (r < 0)
3243 return r;
3244 }
3245 }
3246
3247 int config_parse_syscall_log(
3248 const char *unit,
3249 const char *filename,
3250 unsigned line,
3251 const char *section,
3252 unsigned section_line,
3253 const char *lvalue,
3254 int ltype,
3255 const char *rvalue,
3256 void *data,
3257 void *userdata) {
3258
3259 ExecContext *c = data;
3260 _unused_ const Unit *u = userdata;
3261 bool invert = false;
3262 const char *p;
3263 int r;
3264
3265 assert(filename);
3266 assert(lvalue);
3267 assert(rvalue);
3268 assert(u);
3269
3270 if (isempty(rvalue)) {
3271 /* Empty assignment resets the list */
3272 c->syscall_log = hashmap_free(c->syscall_log);
3273 c->syscall_log_allow_list = false;
3274 return 0;
3275 }
3276
3277 if (rvalue[0] == '~') {
3278 invert = true;
3279 rvalue++;
3280 }
3281
3282 if (!c->syscall_log) {
3283 c->syscall_log = hashmap_new(NULL);
3284 if (!c->syscall_log)
3285 return log_oom();
3286
3287 if (invert)
3288 /* Log everything but the ones listed */
3289 c->syscall_log_allow_list = false;
3290 else
3291 /* Log nothing but the ones listed */
3292 c->syscall_log_allow_list = true;
3293 }
3294
3295 p = rvalue;
3296 for (;;) {
3297 _cleanup_free_ char *word = NULL;
3298
3299 r = extract_first_word(&p, &word, NULL, 0);
3300 if (r == -ENOMEM)
3301 return log_oom();
3302 if (r < 0) {
3303 log_syntax(unit, LOG_WARNING, filename, line, r, "Invalid syntax, ignoring: %s", rvalue);
3304 return 0;
3305 }
3306 if (r == 0)
3307 return 0;
3308
3309 r = seccomp_parse_syscall_filter(
3310 word, -1, c->syscall_log,
3311 SECCOMP_PARSE_LOG|SECCOMP_PARSE_PERMISSIVE|
3312 (invert ? SECCOMP_PARSE_INVERT : 0)|
3313 (c->syscall_log_allow_list ? SECCOMP_PARSE_ALLOW_LIST : 0),
3314 unit, filename, line);
3315 if (r < 0)
3316 return r;
3317 }
3318 }
3319
3320 int config_parse_syscall_archs(
3321 const char *unit,
3322 const char *filename,
3323 unsigned line,
3324 const char *section,
3325 unsigned section_line,
3326 const char *lvalue,
3327 int ltype,
3328 const char *rvalue,
3329 void *data,
3330 void *userdata) {
3331
3332 Set **archs = data;
3333 int r;
3334
3335 if (isempty(rvalue)) {
3336 *archs = set_free(*archs);
3337 return 0;
3338 }
3339
3340 for (const char *p = rvalue;;) {
3341 _cleanup_free_ char *word = NULL;
3342 uint32_t a;
3343
3344 r = extract_first_word(&p, &word, NULL, EXTRACT_UNQUOTE);
3345 if (r == -ENOMEM)
3346 return log_oom();
3347 if (r < 0) {
3348 log_syntax(unit, LOG_WARNING, filename, line, r,
3349 "Invalid syntax, ignoring: %s", rvalue);
3350 return 0;
3351 }
3352 if (r == 0)
3353 return 0;
3354
3355 r = seccomp_arch_from_string(word, &a);
3356 if (r < 0) {
3357 log_syntax(unit, LOG_WARNING, filename, line, r,
3358 "Failed to parse system call architecture \"%s\", ignoring: %m", word);
3359 continue;
3360 }
3361
3362 r = set_ensure_put(archs, NULL, UINT32_TO_PTR(a + 1));
3363 if (r < 0)
3364 return log_oom();
3365 }
3366 }
3367
3368 int config_parse_syscall_errno(
3369 const char *unit,
3370 const char *filename,
3371 unsigned line,
3372 const char *section,
3373 unsigned section_line,
3374 const char *lvalue,
3375 int ltype,
3376 const char *rvalue,
3377 void *data,
3378 void *userdata) {
3379
3380 ExecContext *c = data;
3381 int e;
3382
3383 assert(filename);
3384 assert(lvalue);
3385 assert(rvalue);
3386
3387 if (isempty(rvalue) || streq(rvalue, "kill")) {
3388 /* Empty assignment resets to KILL */
3389 c->syscall_errno = SECCOMP_ERROR_NUMBER_KILL;
3390 return 0;
3391 }
3392
3393 e = parse_errno(rvalue);
3394 if (e < 0) {
3395 log_syntax(unit, LOG_WARNING, filename, line, e, "Failed to parse error number, ignoring: %s", rvalue);
3396 return 0;
3397 }
3398 if (e == 0) {
3399 log_syntax(unit, LOG_WARNING, filename, line, 0, "Invalid error number, ignoring: %s", rvalue);
3400 return 0;
3401 }
3402
3403 c->syscall_errno = e;
3404 return 0;
3405 }
3406
3407 int config_parse_address_families(
3408 const char *unit,
3409 const char *filename,
3410 unsigned line,
3411 const char *section,
3412 unsigned section_line,
3413 const char *lvalue,
3414 int ltype,
3415 const char *rvalue,
3416 void *data,
3417 void *userdata) {
3418
3419 ExecContext *c = data;
3420 bool invert = false;
3421 int r;
3422
3423 assert(filename);
3424 assert(lvalue);
3425 assert(rvalue);
3426
3427 if (isempty(rvalue)) {
3428 /* Empty assignment resets the list */
3429 c->address_families = set_free(c->address_families);
3430 c->address_families_allow_list = false;
3431 return 0;
3432 }
3433
3434 if (streq(rvalue, "none")) {
3435 /* Forbid all address families. */
3436 c->address_families = set_free(c->address_families);
3437 c->address_families_allow_list = true;
3438 return 0;
3439 }
3440
3441 if (rvalue[0] == '~') {
3442 invert = true;
3443 rvalue++;
3444 }
3445
3446 if (!c->address_families) {
3447 c->address_families = set_new(NULL);
3448 if (!c->address_families)
3449 return log_oom();
3450
3451 c->address_families_allow_list = !invert;
3452 }
3453
3454 for (const char *p = rvalue;;) {
3455 _cleanup_free_ char *word = NULL;
3456 int af;
3457
3458 r = extract_first_word(&p, &word, NULL, EXTRACT_UNQUOTE);
3459 if (r == -ENOMEM)
3460 return log_oom();
3461 if (r < 0) {
3462 log_syntax(unit, LOG_WARNING, filename, line, r,
3463 "Invalid syntax, ignoring: %s", rvalue);
3464 return 0;
3465 }
3466 if (r == 0)
3467 return 0;
3468
3469 af = af_from_name(word);
3470 if (af < 0) {
3471 log_syntax(unit, LOG_WARNING, filename, line, af,
3472 "Failed to parse address family, ignoring: %s", word);
3473 continue;
3474 }
3475
3476 /* If we previously wanted to forbid an address family and now
3477 * we want to allow it, then just remove it from the list.
3478 */
3479 if (!invert == c->address_families_allow_list) {
3480 r = set_put(c->address_families, INT_TO_PTR(af));
3481 if (r < 0)
3482 return log_oom();
3483 } else
3484 set_remove(c->address_families, INT_TO_PTR(af));
3485 }
3486 }
3487
3488 int config_parse_restrict_namespaces(
3489 const char *unit,
3490 const char *filename,
3491 unsigned line,
3492 const char *section,
3493 unsigned section_line,
3494 const char *lvalue,
3495 int ltype,
3496 const char *rvalue,
3497 void *data,
3498 void *userdata) {
3499
3500 ExecContext *c = data;
3501 unsigned long flags;
3502 bool invert = false;
3503 int r;
3504
3505 if (isempty(rvalue)) {
3506 /* Reset to the default. */
3507 c->restrict_namespaces = NAMESPACE_FLAGS_INITIAL;
3508 return 0;
3509 }
3510
3511 /* Boolean parameter ignores the previous settings */
3512 r = parse_boolean(rvalue);
3513 if (r > 0) {
3514 c->restrict_namespaces = 0;
3515 return 0;
3516 } else if (r == 0) {
3517 c->restrict_namespaces = NAMESPACE_FLAGS_ALL;
3518 return 0;
3519 }
3520
3521 if (rvalue[0] == '~') {
3522 invert = true;
3523 rvalue++;
3524 }
3525
3526 /* Not a boolean argument, in this case it's a list of namespace types. */
3527 r = namespace_flags_from_string(rvalue, &flags);
3528 if (r < 0) {
3529 log_syntax(unit, LOG_WARNING, filename, line, r, "Failed to parse namespace type string, ignoring: %s", rvalue);
3530 return 0;
3531 }
3532
3533 if (c->restrict_namespaces == NAMESPACE_FLAGS_INITIAL)
3534 /* Initial assignment. Just set the value. */
3535 c->restrict_namespaces = invert ? (~flags) & NAMESPACE_FLAGS_ALL : flags;
3536 else
3537 /* Merge the value with the previous one. */
3538 SET_FLAG(c->restrict_namespaces, flags, !invert);
3539
3540 return 0;
3541 }
3542 #endif
3543
3544 int config_parse_unit_slice(
3545 const char *unit,
3546 const char *filename,
3547 unsigned line,
3548 const char *section,
3549 unsigned section_line,
3550 const char *lvalue,
3551 int ltype,
3552 const char *rvalue,
3553 void *data,
3554 void *userdata) {
3555
3556 _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
3557 _cleanup_free_ char *k = NULL;
3558 Unit *u = userdata, *slice;
3559 int r;
3560
3561 assert(filename);
3562 assert(lvalue);
3563 assert(rvalue);
3564 assert(u);
3565
3566 r = unit_name_printf(u, rvalue, &k);
3567 if (r < 0) {
3568 log_syntax(unit, LOG_WARNING, filename, line, r, "Failed to resolve unit specifiers in %s, ignoring: %m", rvalue);
3569 return 0;
3570 }
3571
3572 r = manager_load_unit(u->manager, k, NULL, &error, &slice);
3573 if (r < 0) {
3574 log_syntax(unit, LOG_WARNING, filename, line, r, "Failed to load slice unit %s, ignoring: %s", k, bus_error_message(&error, r));
3575 return 0;
3576 }
3577
3578 r = unit_set_slice(u, slice, UNIT_DEPENDENCY_FILE);
3579 if (r < 0) {
3580 log_syntax(unit, LOG_WARNING, filename, line, r, "Failed to assign slice %s to unit %s, ignoring: %m", slice->id, u->id);
3581 return 0;
3582 }
3583
3584 return 0;
3585 }
3586
3587 int config_parse_cpu_quota(
3588 const char *unit,
3589 const char *filename,
3590 unsigned line,
3591 const char *section,
3592 unsigned section_line,
3593 const char *lvalue,
3594 int ltype,
3595 const char *rvalue,
3596 void *data,
3597 void *userdata) {
3598
3599 CGroupContext *c = data;
3600 int r;
3601
3602 assert(filename);
3603 assert(lvalue);
3604 assert(rvalue);
3605
3606 if (isempty(rvalue)) {
3607 c->cpu_quota_per_sec_usec = USEC_INFINITY;
3608 return 0;
3609 }
3610
3611 r = parse_permyriad_unbounded(rvalue);
3612 if (r <= 0) {
3613 log_syntax(unit, LOG_WARNING, filename, line, r, "Invalid CPU quota '%s', ignoring.", rvalue);
3614 return 0;
3615 }
3616
3617 c->cpu_quota_per_sec_usec = ((usec_t) r * USEC_PER_SEC) / 10000U;
3618 return 0;
3619 }
3620
3621 int config_parse_allowed_cpus(
3622 const char *unit,
3623 const char *filename,
3624 unsigned line,
3625 const char *section,
3626 unsigned section_line,
3627 const char *lvalue,
3628 int ltype,
3629 const char *rvalue,
3630 void *data,
3631 void *userdata) {
3632
3633 CGroupContext *c = data;
3634
3635 (void) parse_cpu_set_extend(rvalue, &c->cpuset_cpus, true, unit, filename, line, lvalue);
3636
3637 return 0;
3638 }
3639
3640 int config_parse_allowed_mems(
3641 const char *unit,
3642 const char *filename,
3643 unsigned line,
3644 const char *section,
3645 unsigned section_line,
3646 const char *lvalue,
3647 int ltype,
3648 const char *rvalue,
3649 void *data,
3650 void *userdata) {
3651
3652 CGroupContext *c = data;
3653
3654 (void) parse_cpu_set_extend(rvalue, &c->cpuset_mems, true, unit, filename, line, lvalue);
3655
3656 return 0;
3657 }
3658
3659 int config_parse_memory_limit(
3660 const char *unit,
3661 const char *filename,
3662 unsigned line,
3663 const char *section,
3664 unsigned section_line,
3665 const char *lvalue,
3666 int ltype,
3667 const char *rvalue,
3668 void *data,
3669 void *userdata) {
3670
3671 CGroupContext *c = data;
3672 uint64_t bytes = CGROUP_LIMIT_MAX;
3673 int r;
3674
3675 if (isempty(rvalue) && STR_IN_SET(lvalue, "DefaultMemoryLow",
3676 "DefaultMemoryMin",
3677 "MemoryLow",
3678 "MemoryMin"))
3679 bytes = CGROUP_LIMIT_MIN;
3680 else if (!isempty(rvalue) && !streq(rvalue, "infinity")) {
3681
3682 r = parse_permyriad(rvalue);
3683 if (r < 0) {
3684 r = parse_size(rvalue, 1024, &bytes);
3685 if (r < 0) {
3686 log_syntax(unit, LOG_WARNING, filename, line, r, "Invalid memory limit '%s', ignoring: %m", rvalue);
3687 return 0;
3688 }
3689 } else
3690 bytes = physical_memory_scale(r, 10000U);
3691
3692 if (bytes >= UINT64_MAX ||
3693 (bytes <= 0 && !STR_IN_SET(lvalue, "MemorySwapMax", "MemoryLow", "MemoryMin", "DefaultMemoryLow", "DefaultMemoryMin"))) {
3694 log_syntax(unit, LOG_WARNING, filename, line, 0, "Memory limit '%s' out of range, ignoring.", rvalue);
3695 return 0;
3696 }
3697 }
3698
3699 if (streq(lvalue, "DefaultMemoryLow")) {
3700 c->default_memory_low = bytes;
3701 c->default_memory_low_set = true;
3702 } else if (streq(lvalue, "DefaultMemoryMin")) {
3703 c->default_memory_min = bytes;
3704 c->default_memory_min_set = true;
3705 } else if (streq(lvalue, "MemoryMin")) {
3706 c->memory_min = bytes;
3707 c->memory_min_set = true;
3708 } else if (streq(lvalue, "MemoryLow")) {
3709 c->memory_low = bytes;
3710 c->memory_low_set = true;
3711 } else if (streq(lvalue, "MemoryHigh"))
3712 c->memory_high = bytes;
3713 else if (streq(lvalue, "MemoryMax"))
3714 c->memory_max = bytes;
3715 else if (streq(lvalue, "MemorySwapMax"))
3716 c->memory_swap_max = bytes;
3717 else if (streq(lvalue, "MemoryLimit"))
3718 c->memory_limit = bytes;
3719 else
3720 return -EINVAL;
3721
3722 return 0;
3723 }
3724
3725 int config_parse_tasks_max(
3726 const char *unit,
3727 const char *filename,
3728 unsigned line,
3729 const char *section,
3730 unsigned section_line,
3731 const char *lvalue,
3732 int ltype,
3733 const char *rvalue,
3734 void *data,
3735 void *userdata) {
3736
3737 const Unit *u = userdata;
3738 TasksMax *tasks_max = data;
3739 uint64_t v;
3740 int r;
3741
3742 if (isempty(rvalue)) {
3743 *tasks_max = u ? u->manager->default_tasks_max : TASKS_MAX_UNSET;
3744 return 0;
3745 }
3746
3747 if (streq(rvalue, "infinity")) {
3748 *tasks_max = TASKS_MAX_UNSET;
3749 return 0;
3750 }
3751
3752 r = parse_permyriad(rvalue);
3753 if (r >= 0)
3754 *tasks_max = (TasksMax) { r, 10000U }; /* r‱ */
3755 else {
3756 r = safe_atou64(rvalue, &v);
3757 if (r < 0) {
3758 log_syntax(unit, LOG_WARNING, filename, line, r, "Invalid maximum tasks value '%s', ignoring: %m", rvalue);
3759 return 0;
3760 }
3761
3762 if (v <= 0 || v >= UINT64_MAX) {
3763 log_syntax(unit, LOG_WARNING, filename, line, 0, "Maximum tasks value '%s' out of range, ignoring.", rvalue);
3764 return 0;
3765 }
3766
3767 *tasks_max = (TasksMax) { v };
3768 }
3769
3770 return 0;
3771 }
3772
3773 int config_parse_delegate(
3774 const char *unit,
3775 const char *filename,
3776 unsigned line,
3777 const char *section,
3778 unsigned section_line,
3779 const char *lvalue,
3780 int ltype,
3781 const char *rvalue,
3782 void *data,
3783 void *userdata) {
3784
3785 CGroupContext *c = data;
3786 UnitType t;
3787 int r;
3788
3789 t = unit_name_to_type(unit);
3790 assert(t != _UNIT_TYPE_INVALID);
3791
3792 if (!unit_vtable[t]->can_delegate) {
3793 log_syntax(unit, LOG_WARNING, filename, line, 0, "Delegate= setting not supported for this unit type, ignoring.");
3794 return 0;
3795 }
3796
3797 /* We either accept a boolean value, which may be used to turn on delegation for all controllers, or turn it
3798 * off for all. Or it takes a list of controller names, in which case we add the specified controllers to the
3799 * mask to delegate. */
3800
3801 if (isempty(rvalue)) {
3802 /* An empty string resets controllers and set Delegate=yes. */
3803 c->delegate = true;
3804 c->delegate_controllers = 0;
3805 return 0;
3806 }
3807
3808 r = parse_boolean(rvalue);
3809 if (r < 0) {
3810 CGroupMask mask = 0;
3811
3812 for (const char *p = rvalue;;) {
3813 _cleanup_free_ char *word = NULL;
3814 CGroupController cc;
3815
3816 r = extract_first_word(&p, &word, NULL, EXTRACT_UNQUOTE);
3817 if (r == -ENOMEM)
3818 return log_oom();
3819 if (r < 0) {
3820 log_syntax(unit, LOG_WARNING, filename, line, r, "Invalid syntax, ignoring: %s", rvalue);
3821 return 0;
3822 }
3823 if (r == 0)
3824 break;
3825
3826 cc = cgroup_controller_from_string(word);
3827 if (cc < 0) {
3828 log_syntax(unit, LOG_WARNING, filename, line, r, "Invalid controller name '%s', ignoring", word);
3829 continue;
3830 }
3831
3832 mask |= CGROUP_CONTROLLER_TO_MASK(cc);
3833 }
3834
3835 c->delegate = true;
3836 c->delegate_controllers |= mask;
3837
3838 } else if (r > 0) {
3839 c->delegate = true;
3840 c->delegate_controllers = _CGROUP_MASK_ALL;
3841 } else {
3842 c->delegate = false;
3843 c->delegate_controllers = 0;
3844 }
3845
3846 return 0;
3847 }
3848
3849 int config_parse_managed_oom_mode(
3850 const char *unit,
3851 const char *filename,
3852 unsigned line,
3853 const char *section,
3854 unsigned section_line,
3855 const char *lvalue,
3856 int ltype,
3857 const char *rvalue,
3858 void *data,
3859 void *userdata) {
3860
3861 ManagedOOMMode *mode = data, m;
3862 UnitType t;
3863
3864 t = unit_name_to_type(unit);
3865 assert(t != _UNIT_TYPE_INVALID);
3866
3867 if (!unit_vtable[t]->can_set_managed_oom)
3868 return log_syntax(unit, LOG_WARNING, filename, line, 0, "%s= is not supported for this unit type, ignoring.", lvalue);
3869
3870 if (isempty(rvalue)) {
3871 *mode = MANAGED_OOM_AUTO;
3872 return 0;
3873 }
3874
3875 m = managed_oom_mode_from_string(rvalue);
3876 if (m < 0) {
3877 log_syntax(unit, LOG_WARNING, filename, line, m, "Invalid syntax, ignoring: %s", rvalue);
3878 return 0;
3879 }
3880
3881 *mode = m;
3882 return 0;
3883 }
3884
3885 int config_parse_managed_oom_mem_pressure_limit(
3886 const char *unit,
3887 const char *filename,
3888 unsigned line,
3889 const char *section,
3890 unsigned section_line,
3891 const char *lvalue,
3892 int ltype,
3893 const char *rvalue,
3894 void *data,
3895 void *userdata) {
3896
3897 uint32_t *limit = data;
3898 UnitType t;
3899 int r;
3900
3901 t = unit_name_to_type(unit);
3902 assert(t != _UNIT_TYPE_INVALID);
3903
3904 if (!unit_vtable[t]->can_set_managed_oom)
3905 return log_syntax(unit, LOG_WARNING, filename, line, 0, "%s= is not supported for this unit type, ignoring.", lvalue);
3906
3907 if (isempty(rvalue)) {
3908 *limit = 0;
3909 return 0;
3910 }
3911
3912 r = parse_permyriad(rvalue);
3913 if (r < 0) {
3914 log_syntax(unit, LOG_WARNING, filename, line, r, "Failed to parse memory pressure limit value, ignoring: %s", rvalue);
3915 return 0;
3916 }
3917
3918 /* Normalize to 2^32-1 == 100% */
3919 *limit = UINT32_SCALE_FROM_PERMYRIAD(r);
3920 return 0;
3921 }
3922
3923 int config_parse_device_allow(
3924 const char *unit,
3925 const char *filename,
3926 unsigned line,
3927 const char *section,
3928 unsigned section_line,
3929 const char *lvalue,
3930 int ltype,
3931 const char *rvalue,
3932 void *data,
3933 void *userdata) {
3934
3935 _cleanup_free_ char *path = NULL, *resolved = NULL;
3936 CGroupContext *c = data;
3937 const char *p = rvalue;
3938 int r;
3939
3940 if (isempty(rvalue)) {
3941 while (c->device_allow)
3942 cgroup_context_free_device_allow(c, c->device_allow);
3943
3944 return 0;
3945 }
3946
3947 r = extract_first_word(&p, &path, NULL, EXTRACT_UNQUOTE);
3948 if (r == -ENOMEM)
3949 return log_oom();
3950 if (r <= 0) {
3951 log_syntax(unit, LOG_WARNING, filename, line, r,
3952 "Failed to extract device path and rights from '%s', ignoring.", rvalue);
3953 return 0;
3954 }
3955
3956 r = unit_path_printf(userdata, path, &resolved);
3957 if (r < 0) {
3958 log_syntax(unit, LOG_WARNING, filename, line, r,
3959 "Failed to resolve unit specifiers in '%s', ignoring: %m", path);
3960 return 0;
3961 }
3962
3963 if (!STARTSWITH_SET(resolved, "block-", "char-")) {
3964
3965 r = path_simplify_and_warn(resolved, 0, unit, filename, line, lvalue);
3966 if (r < 0)
3967 return 0;
3968
3969 if (!valid_device_node_path(resolved)) {
3970 log_syntax(unit, LOG_WARNING, filename, line, 0, "Invalid device node path '%s', ignoring.", resolved);
3971 return 0;
3972 }
3973 }
3974
3975 if (!isempty(p) && !in_charset(p, "rwm")) {
3976 log_syntax(unit, LOG_WARNING, filename, line, 0, "Invalid device rights '%s', ignoring.", p);
3977 return 0;
3978 }
3979
3980 return cgroup_add_device_allow(c, resolved, p);
3981 }
3982
3983 int config_parse_io_device_weight(
3984 const char *unit,
3985 const char *filename,
3986 unsigned line,
3987 const char *section,
3988 unsigned section_line,
3989 const char *lvalue,
3990 int ltype,
3991 const char *rvalue,
3992 void *data,
3993 void *userdata) {
3994
3995 _cleanup_free_ char *path = NULL, *resolved = NULL;
3996 CGroupIODeviceWeight *w;
3997 CGroupContext *c = data;
3998 const char *p = rvalue;
3999 uint64_t u;
4000 int r;
4001
4002 assert(filename);
4003 assert(lvalue);
4004 assert(rvalue);
4005
4006 if (isempty(rvalue)) {
4007 while (c->io_device_weights)
4008 cgroup_context_free_io_device_weight(c, c->io_device_weights);
4009
4010 return 0;
4011 }
4012
4013 r = extract_first_word(&p, &path, NULL, EXTRACT_UNQUOTE);
4014 if (r == -ENOMEM)
4015 return log_oom();
4016 if (r <= 0 || isempty(p)) {
4017 log_syntax(unit, LOG_WARNING, filename, line, r,
4018 "Failed to extract device path and weight from '%s', ignoring.", rvalue);
4019 return 0;
4020 }
4021
4022 r = unit_path_printf(userdata, path, &resolved);
4023 if (r < 0) {
4024 log_syntax(unit, LOG_WARNING, filename, line, r,
4025 "Failed to resolve unit specifiers in '%s', ignoring: %m", path);
4026 return 0;
4027 }
4028
4029 r = path_simplify_and_warn(resolved, 0, unit, filename, line, lvalue);
4030 if (r < 0)
4031 return 0;
4032
4033 r = cg_weight_parse(p, &u);
4034 if (r < 0) {
4035 log_syntax(unit, LOG_WARNING, filename, line, r, "IO weight '%s' invalid, ignoring: %m", p);
4036 return 0;
4037 }
4038
4039 assert(u != CGROUP_WEIGHT_INVALID);
4040
4041 w = new0(CGroupIODeviceWeight, 1);
4042 if (!w)
4043 return log_oom();
4044
4045 w->path = TAKE_PTR(resolved);
4046 w->weight = u;
4047
4048 LIST_PREPEND(device_weights, c->io_device_weights, w);
4049 return 0;
4050 }
4051
4052 int config_parse_io_device_latency(
4053 const char *unit,
4054 const char *filename,
4055 unsigned line,
4056 const char *section,
4057 unsigned section_line,
4058 const char *lvalue,
4059 int ltype,
4060 const char *rvalue,
4061 void *data,
4062 void *userdata) {
4063
4064 _cleanup_free_ char *path = NULL, *resolved = NULL;
4065 CGroupIODeviceLatency *l;
4066 CGroupContext *c = data;
4067 const char *p = rvalue;
4068 usec_t usec;
4069 int r;
4070
4071 assert(filename);
4072 assert(lvalue);
4073 assert(rvalue);
4074
4075 if (isempty(rvalue)) {
4076 while (c->io_device_latencies)
4077 cgroup_context_free_io_device_latency(c, c->io_device_latencies);
4078
4079 return 0;
4080 }
4081
4082 r = extract_first_word(&p, &path, NULL, EXTRACT_UNQUOTE);
4083 if (r == -ENOMEM)
4084 return log_oom();
4085 if (r <= 0 || isempty(p)) {
4086 log_syntax(unit, LOG_WARNING, filename, line, r,
4087 "Failed to extract device path and latency from '%s', ignoring.", rvalue);
4088 return 0;
4089 }
4090
4091 r = unit_path_printf(userdata, path, &resolved);
4092 if (r < 0) {
4093 log_syntax(unit, LOG_WARNING, filename, line, r,
4094 "Failed to resolve unit specifiers in '%s', ignoring: %m", path);
4095 return 0;
4096 }
4097
4098 r = path_simplify_and_warn(resolved, 0, unit, filename, line, lvalue);
4099 if (r < 0)
4100 return 0;
4101
4102 r = parse_sec(p, &usec);
4103 if (r < 0) {
4104 log_syntax(unit, LOG_WARNING, filename, line, r, "Failed to parse timer value, ignoring: %s", p);
4105 return 0;
4106 }
4107
4108 l = new0(CGroupIODeviceLatency, 1);
4109 if (!l)
4110 return log_oom();
4111
4112 l->path = TAKE_PTR(resolved);
4113 l->target_usec = usec;
4114
4115 LIST_PREPEND(device_latencies, c->io_device_latencies, l);
4116 return 0;
4117 }
4118
4119 int config_parse_io_limit(
4120 const char *unit,
4121 const char *filename,
4122 unsigned line,
4123 const char *section,
4124 unsigned section_line,
4125 const char *lvalue,
4126 int ltype,
4127 const char *rvalue,
4128 void *data,
4129 void *userdata) {
4130
4131 _cleanup_free_ char *path = NULL, *resolved = NULL;
4132 CGroupIODeviceLimit *l = NULL, *t;
4133 CGroupContext *c = data;
4134 CGroupIOLimitType type;
4135 const char *p = rvalue;
4136 uint64_t num;
4137 int r;
4138
4139 assert(filename);
4140 assert(lvalue);
4141 assert(rvalue);
4142
4143 type = cgroup_io_limit_type_from_string(lvalue);
4144 assert(type >= 0);
4145
4146 if (isempty(rvalue)) {
4147 LIST_FOREACH(device_limits, l, c->io_device_limits)
4148 l->limits[type] = cgroup_io_limit_defaults[type];
4149 return 0;
4150 }
4151
4152 r = extract_first_word(&p, &path, NULL, EXTRACT_UNQUOTE);
4153 if (r == -ENOMEM)
4154 return log_oom();
4155 if (r <= 0 || isempty(p)) {
4156 log_syntax(unit, LOG_WARNING, filename, line, r,
4157 "Failed to extract device node and bandwidth from '%s', ignoring.", rvalue);
4158 return 0;
4159 }
4160
4161 r = unit_path_printf(userdata, path, &resolved);
4162 if (r < 0) {
4163 log_syntax(unit, LOG_WARNING, filename, line, r,
4164 "Failed to resolve unit specifiers in '%s', ignoring: %m", path);
4165 return 0;
4166 }
4167
4168 r = path_simplify_and_warn(resolved, 0, unit, filename, line, lvalue);
4169 if (r < 0)
4170 return 0;
4171
4172 if (streq("infinity", p))
4173 num = CGROUP_LIMIT_MAX;
4174 else {
4175 r = parse_size(p, 1000, &num);
4176 if (r < 0 || num <= 0) {
4177 log_syntax(unit, LOG_WARNING, filename, line, 0, "Invalid IO limit '%s', ignoring.", p);
4178 return 0;
4179 }
4180 }
4181
4182 LIST_FOREACH(device_limits, t, c->io_device_limits) {
4183 if (path_equal(resolved, t->path)) {
4184 l = t;
4185 break;
4186 }
4187 }
4188
4189 if (!l) {
4190 CGroupIOLimitType ttype;
4191
4192 l = new0(CGroupIODeviceLimit, 1);
4193 if (!l)
4194 return log_oom();
4195
4196 l->path = TAKE_PTR(resolved);
4197 for (ttype = 0; ttype < _CGROUP_IO_LIMIT_TYPE_MAX; ttype++)
4198 l->limits[ttype] = cgroup_io_limit_defaults[ttype];
4199
4200 LIST_PREPEND(device_limits, c->io_device_limits, l);
4201 }
4202
4203 l->limits[type] = num;
4204
4205 return 0;
4206 }
4207
4208 int config_parse_blockio_device_weight(
4209 const char *unit,
4210 const char *filename,
4211 unsigned line,
4212 const char *section,
4213 unsigned section_line,
4214 const char *lvalue,
4215 int ltype,
4216 const char *rvalue,
4217 void *data,
4218 void *userdata) {
4219
4220 _cleanup_free_ char *path = NULL, *resolved = NULL;
4221 CGroupBlockIODeviceWeight *w;
4222 CGroupContext *c = data;
4223 const char *p = rvalue;
4224 uint64_t u;
4225 int r;
4226
4227 assert(filename);
4228 assert(lvalue);
4229 assert(rvalue);
4230
4231 if (isempty(rvalue)) {
4232 while (c->blockio_device_weights)
4233 cgroup_context_free_blockio_device_weight(c, c->blockio_device_weights);
4234
4235 return 0;
4236 }
4237
4238 r = extract_first_word(&p, &path, NULL, EXTRACT_UNQUOTE);
4239 if (r == -ENOMEM)
4240 return log_oom();
4241 if (r <= 0 || isempty(p)) {
4242 log_syntax(unit, LOG_WARNING, filename, line, r,
4243 "Failed to extract device node and weight from '%s', ignoring.", rvalue);
4244 return 0;
4245 }
4246
4247 r = unit_path_printf(userdata, path, &resolved);
4248 if (r < 0) {
4249 log_syntax(unit, LOG_WARNING, filename, line, r,
4250 "Failed to resolve unit specifiers in '%s', ignoring: %m", path);
4251 return 0;
4252 }
4253
4254 r = path_simplify_and_warn(resolved, 0, unit, filename, line, lvalue);
4255 if (r < 0)
4256 return 0;
4257
4258 r = cg_blkio_weight_parse(p, &u);
4259 if (r < 0) {
4260 log_syntax(unit, LOG_WARNING, filename, line, r, "Invalid block IO weight '%s', ignoring: %m", p);
4261 return 0;
4262 }
4263
4264 assert(u != CGROUP_BLKIO_WEIGHT_INVALID);
4265
4266 w = new0(CGroupBlockIODeviceWeight, 1);
4267 if (!w)
4268 return log_oom();
4269
4270 w->path = TAKE_PTR(resolved);
4271 w->weight = u;
4272
4273 LIST_PREPEND(device_weights, c->blockio_device_weights, w);
4274 return 0;
4275 }
4276
4277 int config_parse_blockio_bandwidth(
4278 const char *unit,
4279 const char *filename,
4280 unsigned line,
4281 const char *section,
4282 unsigned section_line,
4283 const char *lvalue,
4284 int ltype,
4285 const char *rvalue,
4286 void *data,
4287 void *userdata) {
4288
4289 _cleanup_free_ char *path = NULL, *resolved = NULL;
4290 CGroupBlockIODeviceBandwidth *b = NULL, *t;
4291 CGroupContext *c = data;
4292 const char *p = rvalue;
4293 uint64_t bytes;
4294 bool read;
4295 int r;
4296
4297 assert(filename);
4298 assert(lvalue);
4299 assert(rvalue);
4300
4301 read = streq("BlockIOReadBandwidth", lvalue);
4302
4303 if (isempty(rvalue)) {
4304 LIST_FOREACH(device_bandwidths, b, c->blockio_device_bandwidths) {
4305 b->rbps = CGROUP_LIMIT_MAX;
4306 b->wbps = CGROUP_LIMIT_MAX;
4307 }
4308 return 0;
4309 }
4310
4311 r = extract_first_word(&p, &path, NULL, EXTRACT_UNQUOTE);
4312 if (r == -ENOMEM)
4313 return log_oom();
4314 if (r <= 0 || isempty(p)) {
4315 log_syntax(unit, LOG_WARNING, filename, line, r,
4316 "Failed to extract device node and bandwidth from '%s', ignoring.", rvalue);
4317 return 0;
4318 }
4319
4320 r = unit_path_printf(userdata, path, &resolved);
4321 if (r < 0) {
4322 log_syntax(unit, LOG_WARNING, filename, line, r,
4323 "Failed to resolve unit specifiers in '%s', ignoring: %m", path);
4324 return 0;
4325 }
4326
4327 r = path_simplify_and_warn(resolved, 0, unit, filename, line, lvalue);
4328 if (r < 0)
4329 return 0;
4330
4331 r = parse_size(p, 1000, &bytes);
4332 if (r < 0 || bytes <= 0) {
4333 log_syntax(unit, LOG_WARNING, filename, line, r, "Invalid Block IO Bandwidth '%s', ignoring.", p);
4334 return 0;
4335 }
4336
4337 LIST_FOREACH(device_bandwidths, t, c->blockio_device_bandwidths) {
4338 if (path_equal(resolved, t->path)) {
4339 b = t;
4340 break;
4341 }
4342 }
4343
4344 if (!t) {
4345 b = new0(CGroupBlockIODeviceBandwidth, 1);
4346 if (!b)
4347 return log_oom();
4348
4349 b->path = TAKE_PTR(resolved);
4350 b->rbps = CGROUP_LIMIT_MAX;
4351 b->wbps = CGROUP_LIMIT_MAX;
4352
4353 LIST_PREPEND(device_bandwidths, c->blockio_device_bandwidths, b);
4354 }
4355
4356 if (read)
4357 b->rbps = bytes;
4358 else
4359 b->wbps = bytes;
4360
4361 return 0;
4362 }
4363
4364 int config_parse_job_mode_isolate(
4365 const char *unit,
4366 const char *filename,
4367 unsigned line,
4368 const char *section,
4369 unsigned section_line,
4370 const char *lvalue,
4371 int ltype,
4372 const char *rvalue,
4373 void *data,
4374 void *userdata) {
4375
4376 JobMode *m = data;
4377 int r;
4378
4379 assert(filename);
4380 assert(lvalue);
4381 assert(rvalue);
4382
4383 r = parse_boolean(rvalue);
4384 if (r < 0) {
4385 log_syntax(unit, LOG_WARNING, filename, line, r, "Failed to parse boolean, ignoring: %s", rvalue);
4386 return 0;
4387 }
4388
4389 log_notice("%s is deprecated. Please use OnFailureJobMode= instead", lvalue);
4390
4391 *m = r ? JOB_ISOLATE : JOB_REPLACE;
4392 return 0;
4393 }
4394
4395 int config_parse_exec_directories(
4396 const char *unit,
4397 const char *filename,
4398 unsigned line,
4399 const char *section,
4400 unsigned section_line,
4401 const char *lvalue,
4402 int ltype,
4403 const char *rvalue,
4404 void *data,
4405 void *userdata) {
4406
4407 char***rt = data;
4408 const Unit *u = userdata;
4409 int r;
4410
4411 assert(filename);
4412 assert(lvalue);
4413 assert(rvalue);
4414 assert(data);
4415
4416 if (isempty(rvalue)) {
4417 /* Empty assignment resets the list */
4418 *rt = strv_free(*rt);
4419 return 0;
4420 }
4421
4422 for (const char *p = rvalue;;) {
4423 _cleanup_free_ char *word = NULL, *k = NULL;
4424
4425 r = extract_first_word(&p, &word, NULL, EXTRACT_UNQUOTE);
4426 if (r == -ENOMEM)
4427 return log_oom();
4428 if (r < 0) {
4429 log_syntax(unit, LOG_WARNING, filename, line, r,
4430 "Invalid syntax, ignoring: %s", rvalue);
4431 return 0;
4432 }
4433 if (r == 0)
4434 return 0;
4435
4436 r = unit_path_printf(u, word, &k);
4437 if (r < 0) {
4438 log_syntax(unit, LOG_WARNING, filename, line, r,
4439 "Failed to resolve unit specifiers in \"%s\", ignoring: %m", word);
4440 continue;
4441 }
4442
4443 r = path_simplify_and_warn(k, PATH_CHECK_RELATIVE, unit, filename, line, lvalue);
4444 if (r < 0)
4445 continue;
4446
4447 if (path_startswith(k, "private")) {
4448 log_syntax(unit, LOG_WARNING, filename, line, 0,
4449 "%s= path can't be 'private', ignoring assignment: %s", lvalue, word);
4450 continue;
4451 }
4452
4453 r = strv_push(rt, k);
4454 if (r < 0)
4455 return log_oom();
4456 k = NULL;
4457 }
4458 }
4459
4460 int config_parse_set_credential(
4461 const char *unit,
4462 const char *filename,
4463 unsigned line,
4464 const char *section,
4465 unsigned section_line,
4466 const char *lvalue,
4467 int ltype,
4468 const char *rvalue,
4469 void *data,
4470 void *userdata) {
4471
4472 _cleanup_free_ char *word = NULL, *k = NULL, *unescaped = NULL;
4473 ExecContext *context = data;
4474 ExecSetCredential *old;
4475 Unit *u = userdata;
4476 const char *p;
4477 int r, l;
4478
4479 assert(filename);
4480 assert(lvalue);
4481 assert(rvalue);
4482 assert(context);
4483
4484 if (isempty(rvalue)) {
4485 /* Empty assignment resets the list */
4486 context->set_credentials = hashmap_free(context->set_credentials);
4487 return 0;
4488 }
4489
4490 p = rvalue;
4491 r = extract_first_word(&p, &word, ":", EXTRACT_DONT_COALESCE_SEPARATORS);
4492 if (r == -ENOMEM)
4493 return log_oom();
4494 if (r <= 0 || !p) {
4495 log_syntax(unit, LOG_WARNING, filename, line, r, "Invalid syntax, ignoring: %s", rvalue);
4496 return 0;
4497 }
4498
4499 r = unit_cred_printf(u, word, &k);
4500 if (r < 0) {
4501 log_syntax(unit, LOG_WARNING, filename, line, r, "Failed to resolve unit specifiers in \"%s\", ignoring: %m", word);
4502 return 0;
4503 }
4504 if (!credential_name_valid(k)) {
4505 log_syntax(unit, LOG_WARNING, filename, line, 0, "Credential name \"%s\" not valid, ignoring.", k);
4506 return 0;
4507 }
4508
4509 /* We support escape codes here, so that users can insert trailing \n if they like */
4510 l = cunescape(p, UNESCAPE_ACCEPT_NUL, &unescaped);
4511 if (l < 0) {
4512 log_syntax(unit, LOG_WARNING, filename, line, l, "Can't unescape \"%s\", ignoring: %m", p);
4513 return 0;
4514 }
4515
4516 old = hashmap_get(context->set_credentials, k);
4517 if (old) {
4518 free_and_replace(old->data, unescaped);
4519 old->size = l;
4520 } else {
4521 _cleanup_(exec_set_credential_freep) ExecSetCredential *sc = NULL;
4522
4523 sc = new0(ExecSetCredential, 1);
4524 if (!sc)
4525 return log_oom();
4526
4527 sc->id = TAKE_PTR(k);
4528 sc->data = TAKE_PTR(unescaped);
4529 sc->size = l;
4530
4531 r = hashmap_ensure_put(&context->set_credentials, &exec_set_credential_hash_ops, sc->id, sc);
4532 if (r == -ENOMEM)
4533 return log_oom();
4534 if (r < 0) {
4535 log_syntax(unit, LOG_WARNING, filename, line, l,
4536 "Duplicated credential value '%s', ignoring assignment: %s", sc->id, rvalue);
4537 return 0;
4538 }
4539
4540 TAKE_PTR(sc);
4541 }
4542
4543 return 0;
4544 }
4545
4546 int config_parse_load_credential(
4547 const char *unit,
4548 const char *filename,
4549 unsigned line,
4550 const char *section,
4551 unsigned section_line,
4552 const char *lvalue,
4553 int ltype,
4554 const char *rvalue,
4555 void *data,
4556 void *userdata) {
4557
4558 _cleanup_free_ char *word = NULL, *k = NULL, *q = NULL;
4559 ExecContext *context = data;
4560 Unit *u = userdata;
4561 const char *p;
4562 int r;
4563
4564 assert(filename);
4565 assert(lvalue);
4566 assert(rvalue);
4567 assert(context);
4568
4569 if (isempty(rvalue)) {
4570 /* Empty assignment resets the list */
4571 context->load_credentials = strv_free(context->load_credentials);
4572 return 0;
4573 }
4574
4575 p = rvalue;
4576 r = extract_first_word(&p, &word, ":", EXTRACT_DONT_COALESCE_SEPARATORS);
4577 if (r == -ENOMEM)
4578 return log_oom();
4579 if (r <= 0) {
4580 log_syntax(unit, LOG_WARNING, filename, line, r, "Invalid syntax, ignoring: %s", rvalue);
4581 return 0;
4582 }
4583
4584 r = unit_cred_printf(u, word, &k);
4585 if (r < 0) {
4586 log_syntax(unit, LOG_WARNING, filename, line, r, "Failed to resolve unit specifiers in \"%s\", ignoring: %m", word);
4587 return 0;
4588 }
4589 if (!credential_name_valid(k)) {
4590 log_syntax(unit, LOG_WARNING, filename, line, 0, "Credential name \"%s\" not valid, ignoring.", k);
4591 return 0;
4592 }
4593
4594 if (isempty(p)) {
4595 /* If only one field field is specified take it as shortcut for inheriting a credential named
4596 * the same way from our parent */
4597 q = strdup(k);
4598 if (!q)
4599 return log_oom();
4600 } else {
4601 r = unit_path_printf(u, p, &q);
4602 if (r < 0) {
4603 log_syntax(unit, LOG_WARNING, filename, line, r, "Failed to resolve unit specifiers in \"%s\", ignoring: %m", p);
4604 return 0;
4605 }
4606 if (path_is_absolute(q) ? !path_is_normalized(q) : !credential_name_valid(q)) {
4607 log_syntax(unit, LOG_WARNING, filename, line, r, "Credential source \"%s\" not valid, ignoring.", q);
4608 return 0;
4609 }
4610 }
4611
4612 r = strv_consume_pair(&context->load_credentials, TAKE_PTR(k), TAKE_PTR(q));
4613 if (r < 0)
4614 return log_oom();
4615
4616 return 0;
4617 }
4618
4619 int config_parse_set_status(
4620 const char *unit,
4621 const char *filename,
4622 unsigned line,
4623 const char *section,
4624 unsigned section_line,
4625 const char *lvalue,
4626 int ltype,
4627 const char *rvalue,
4628 void *data,
4629 void *userdata) {
4630
4631 ExitStatusSet *status_set = data;
4632 int r;
4633
4634 assert(filename);
4635 assert(lvalue);
4636 assert(rvalue);
4637 assert(status_set);
4638
4639 /* Empty assignment resets the list */
4640 if (isempty(rvalue)) {
4641 exit_status_set_free(status_set);
4642 return 0;
4643 }
4644
4645 for (const char *p = rvalue;;) {
4646 _cleanup_free_ char *word = NULL;
4647 Bitmap *bitmap;
4648
4649 r = extract_first_word(&p, &word, NULL, 0);
4650 if (r == -ENOMEM)
4651 return log_oom();
4652 if (r < 0) {
4653 log_syntax(unit, LOG_WARNING, filename, line, r,
4654 "Failed to parse %s=%s, ignoring: %m", lvalue, rvalue);
4655 return 0;
4656 }
4657 if (r == 0)
4658 return 0;
4659
4660 /* We need to call exit_status_from_string() first, because we want
4661 * to parse numbers as exit statuses, not signals. */
4662
4663 r = exit_status_from_string(word);
4664 if (r >= 0) {
4665 assert(r >= 0 && r < 256);
4666 bitmap = &status_set->status;
4667 } else {
4668 r = signal_from_string(word);
4669 if (r < 0) {
4670 log_syntax(unit, LOG_WARNING, filename, line, r,
4671 "Failed to parse value, ignoring: %s", word);
4672 continue;
4673 }
4674 bitmap = &status_set->signal;
4675 }
4676
4677 r = bitmap_set(bitmap, r);
4678 if (r < 0)
4679 log_syntax(unit, LOG_WARNING, filename, line, r,
4680 "Failed to set signal or status %s, ignoring: %m", word);
4681 }
4682 }
4683
4684 int config_parse_namespace_path_strv(
4685 const char *unit,
4686 const char *filename,
4687 unsigned line,
4688 const char *section,
4689 unsigned section_line,
4690 const char *lvalue,
4691 int ltype,
4692 const char *rvalue,
4693 void *data,
4694 void *userdata) {
4695
4696 const Unit *u = userdata;
4697 char*** sv = data;
4698 int r;
4699
4700 assert(filename);
4701 assert(lvalue);
4702 assert(rvalue);
4703 assert(data);
4704
4705 if (isempty(rvalue)) {
4706 /* Empty assignment resets the list */
4707 *sv = strv_free(*sv);
4708 return 0;
4709 }
4710
4711 for (const char *p = rvalue;;) {
4712 _cleanup_free_ char *word = NULL, *resolved = NULL, *joined = NULL;
4713 const char *w;
4714 bool ignore_enoent = false, shall_prefix = false;
4715
4716 r = extract_first_word(&p, &word, NULL, EXTRACT_UNQUOTE);
4717 if (r == -ENOMEM)
4718 return log_oom();
4719 if (r < 0) {
4720 log_syntax(unit, LOG_WARNING, filename, line, r, "Failed to extract first word, ignoring: %s", rvalue);
4721 return 0;
4722 }
4723 if (r == 0)
4724 break;
4725
4726 w = word;
4727 if (startswith(w, "-")) {
4728 ignore_enoent = true;
4729 w++;
4730 }
4731 if (startswith(w, "+")) {
4732 shall_prefix = true;
4733 w++;
4734 }
4735
4736 r = unit_path_printf(u, w, &resolved);
4737 if (r < 0) {
4738 log_syntax(unit, LOG_WARNING, filename, line, r, "Failed to resolve unit specifiers in %s: %m", w);
4739 continue;
4740 }
4741
4742 r = path_simplify_and_warn(resolved, PATH_CHECK_ABSOLUTE, unit, filename, line, lvalue);
4743 if (r < 0)
4744 continue;
4745
4746 joined = strjoin(ignore_enoent ? "-" : "",
4747 shall_prefix ? "+" : "",
4748 resolved);
4749
4750 r = strv_push(sv, joined);
4751 if (r < 0)
4752 return log_oom();
4753
4754 joined = NULL;
4755 }
4756
4757 return 0;
4758 }
4759
4760 int config_parse_temporary_filesystems(
4761 const char *unit,
4762 const char *filename,
4763 unsigned line,
4764 const char *section,
4765 unsigned section_line,
4766 const char *lvalue,
4767 int ltype,
4768 const char *rvalue,
4769 void *data,
4770 void *userdata) {
4771
4772 const Unit *u = userdata;
4773 ExecContext *c = data;
4774 int r;
4775
4776 assert(filename);
4777 assert(lvalue);
4778 assert(rvalue);
4779 assert(data);
4780
4781 if (isempty(rvalue)) {
4782 /* Empty assignment resets the list */
4783 temporary_filesystem_free_many(c->temporary_filesystems, c->n_temporary_filesystems);
4784 c->temporary_filesystems = NULL;
4785 c->n_temporary_filesystems = 0;
4786 return 0;
4787 }
4788
4789 for (const char *p = rvalue;;) {
4790 _cleanup_free_ char *word = NULL, *path = NULL, *resolved = NULL;
4791 const char *w;
4792
4793 r = extract_first_word(&p, &word, NULL, EXTRACT_UNQUOTE);
4794 if (r == -ENOMEM)
4795 return log_oom();
4796 if (r < 0) {
4797 log_syntax(unit, LOG_WARNING, filename, line, r, "Failed to extract first word, ignoring: %s", rvalue);
4798 return 0;
4799 }
4800 if (r == 0)
4801 return 0;
4802
4803 w = word;
4804 r = extract_first_word(&w, &path, ":", EXTRACT_DONT_COALESCE_SEPARATORS);
4805 if (r == -ENOMEM)
4806 return log_oom();
4807 if (r < 0) {
4808 log_syntax(unit, LOG_WARNING, filename, line, r, "Failed to extract first word, ignoring: %s", word);
4809 continue;
4810 }
4811 if (r == 0) {
4812 log_syntax(unit, LOG_WARNING, filename, line, 0, "Invalid syntax, ignoring: %s", word);
4813 continue;
4814 }
4815
4816 r = unit_path_printf(u, path, &resolved);
4817 if (r < 0) {
4818 log_syntax(unit, LOG_WARNING, filename, line, r, "Failed to resolve unit specifiers in %s, ignoring: %m", path);
4819 continue;
4820 }
4821
4822 r = path_simplify_and_warn(resolved, PATH_CHECK_ABSOLUTE, unit, filename, line, lvalue);
4823 if (r < 0)
4824 continue;
4825
4826 r = temporary_filesystem_add(&c->temporary_filesystems, &c->n_temporary_filesystems, resolved, w);
4827 if (r < 0)
4828 return log_oom();
4829 }
4830 }
4831
4832 int config_parse_bind_paths(
4833 const char *unit,
4834 const char *filename,
4835 unsigned line,
4836 const char *section,
4837 unsigned section_line,
4838 const char *lvalue,
4839 int ltype,
4840 const char *rvalue,
4841 void *data,
4842 void *userdata) {
4843
4844 ExecContext *c = data;
4845 const Unit *u = userdata;
4846 int r;
4847
4848 assert(filename);
4849 assert(lvalue);
4850 assert(rvalue);
4851 assert(data);
4852
4853 if (isempty(rvalue)) {
4854 /* Empty assignment resets the list */
4855 bind_mount_free_many(c->bind_mounts, c->n_bind_mounts);
4856 c->bind_mounts = NULL;
4857 c->n_bind_mounts = 0;
4858 return 0;
4859 }
4860
4861 for (const char *p = rvalue;;) {
4862 _cleanup_free_ char *source = NULL, *destination = NULL;
4863 _cleanup_free_ char *sresolved = NULL, *dresolved = NULL;
4864 char *s = NULL, *d = NULL;
4865 bool rbind = true, ignore_enoent = false;
4866
4867 r = extract_first_word(&p, &source, ":" WHITESPACE, EXTRACT_UNQUOTE|EXTRACT_DONT_COALESCE_SEPARATORS);
4868 if (r == -ENOMEM)
4869 return log_oom();
4870 if (r < 0) {
4871 log_syntax(unit, LOG_WARNING, filename, line, r, "Failed to parse %s, ignoring: %s", lvalue, rvalue);
4872 return 0;
4873 }
4874 if (r == 0)
4875 break;
4876
4877 r = unit_full_printf_full(u, source, PATH_MAX, &sresolved);
4878 if (r < 0) {
4879 log_syntax(unit, LOG_WARNING, filename, line, r,
4880 "Failed to resolve unit specifiers in \"%s\", ignoring: %m", source);
4881 continue;
4882 }
4883
4884 s = sresolved;
4885 if (s[0] == '-') {
4886 ignore_enoent = true;
4887 s++;
4888 }
4889
4890 r = path_simplify_and_warn(s, PATH_CHECK_ABSOLUTE, unit, filename, line, lvalue);
4891 if (r < 0)
4892 continue;
4893
4894 /* Optionally, the destination is specified. */
4895 if (p && p[-1] == ':') {
4896 r = extract_first_word(&p, &destination, ":" WHITESPACE, EXTRACT_UNQUOTE|EXTRACT_DONT_COALESCE_SEPARATORS);
4897 if (r == -ENOMEM)
4898 return log_oom();
4899 if (r < 0) {
4900 log_syntax(unit, LOG_WARNING, filename, line, r, "Failed to parse %s, ignoring: %s", lvalue, rvalue);
4901 return 0;
4902 }
4903 if (r == 0) {
4904 log_syntax(unit, LOG_WARNING, filename, line, 0, "Missing argument after ':', ignoring: %s", s);
4905 continue;
4906 }
4907
4908 r = unit_path_printf(u, destination, &dresolved);
4909 if (r < 0) {
4910 log_syntax(unit, LOG_WARNING, filename, line, r,
4911 "Failed to resolve specifiers in \"%s\", ignoring: %m", destination);
4912 continue;
4913 }
4914
4915 r = path_simplify_and_warn(dresolved, PATH_CHECK_ABSOLUTE, unit, filename, line, lvalue);
4916 if (r < 0)
4917 continue;
4918
4919 d = dresolved;
4920
4921 /* Optionally, there's also a short option string specified */
4922 if (p && p[-1] == ':') {
4923 _cleanup_free_ char *options = NULL;
4924
4925 r = extract_first_word(&p, &options, NULL, EXTRACT_UNQUOTE);
4926 if (r == -ENOMEM)
4927 return log_oom();
4928 if (r < 0) {
4929 log_syntax(unit, LOG_WARNING, filename, line, r, "Failed to parse %s: %s", lvalue, rvalue);
4930 return 0;
4931 }
4932
4933 if (isempty(options) || streq(options, "rbind"))
4934 rbind = true;
4935 else if (streq(options, "norbind"))
4936 rbind = false;
4937 else {
4938 log_syntax(unit, LOG_WARNING, filename, line, 0, "Invalid option string, ignoring setting: %s", options);
4939 continue;
4940 }
4941 }
4942 } else
4943 d = s;
4944
4945 r = bind_mount_add(&c->bind_mounts, &c->n_bind_mounts,
4946 &(BindMount) {
4947 .source = s,
4948 .destination = d,
4949 .read_only = !!strstr(lvalue, "ReadOnly"),
4950 .recursive = rbind,
4951 .ignore_enoent = ignore_enoent,
4952 });
4953 if (r < 0)
4954 return log_oom();
4955 }
4956
4957 return 0;
4958 }
4959
4960 int config_parse_mount_images(
4961 const char *unit,
4962 const char *filename,
4963 unsigned line,
4964 const char *section,
4965 unsigned section_line,
4966 const char *lvalue,
4967 int ltype,
4968 const char *rvalue,
4969 void *data,
4970 void *userdata) {
4971
4972 ExecContext *c = data;
4973 const Unit *u = userdata;
4974 int r;
4975
4976 assert(filename);
4977 assert(lvalue);
4978 assert(rvalue);
4979 assert(data);
4980
4981 if (isempty(rvalue)) {
4982 /* Empty assignment resets the list */
4983 c->mount_images = mount_image_free_many(c->mount_images, &c->n_mount_images);
4984 return 0;
4985 }
4986
4987 for (const char *p = rvalue;;) {
4988 _cleanup_(mount_options_free_allp) MountOptions *options = NULL;
4989 _cleanup_free_ char *first = NULL, *second = NULL, *tuple = NULL;
4990 _cleanup_free_ char *sresolved = NULL, *dresolved = NULL;
4991 const char *q = NULL;
4992 char *s = NULL;
4993 bool permissive = false;
4994
4995 r = extract_first_word(&p, &tuple, NULL, EXTRACT_UNQUOTE|EXTRACT_RETAIN_ESCAPE);
4996 if (r == -ENOMEM)
4997 return log_oom();
4998 if (r < 0) {
4999 log_syntax(unit, LOG_WARNING, filename, line, r,
5000 "Invalid syntax %s=%s, ignoring: %m", lvalue, rvalue);
5001 return 0;
5002 }
5003 if (r == 0)
5004 return 0;
5005
5006 q = tuple;
5007 r = extract_many_words(&q, ":", EXTRACT_CUNESCAPE|EXTRACT_UNESCAPE_SEPARATORS, &first, &second, NULL);
5008 if (r == -ENOMEM)
5009 return log_oom();
5010 if (r < 0) {
5011 log_syntax(unit, LOG_WARNING, filename, line, r,
5012 "Invalid syntax in %s=, ignoring: %s", lvalue, tuple);
5013 return 0;
5014 }
5015 if (r == 0)
5016 continue;
5017
5018 s = first;
5019 if (s[0] == '-') {
5020 permissive = true;
5021 s++;
5022 }
5023
5024 r = unit_path_printf(u, s, &sresolved);
5025 if (r < 0) {
5026 log_syntax(unit, LOG_WARNING, filename, line, r,
5027 "Failed to resolve unit specifiers in \"%s\", ignoring: %m", s);
5028 continue;
5029 }
5030
5031 r = path_simplify_and_warn(sresolved, PATH_CHECK_ABSOLUTE, unit, filename, line, lvalue);
5032 if (r < 0)
5033 continue;
5034
5035 if (isempty(second)) {
5036 log_syntax(unit, LOG_WARNING, filename, line, 0, "Missing destination in %s, ignoring: %s", lvalue, rvalue);
5037 continue;
5038 }
5039
5040 r = unit_path_printf(u, second, &dresolved);
5041 if (r < 0) {
5042 log_syntax(unit, LOG_WARNING, filename, line, r,
5043 "Failed to resolve specifiers in \"%s\", ignoring: %m", second);
5044 continue;
5045 }
5046
5047 r = path_simplify_and_warn(dresolved, PATH_CHECK_ABSOLUTE, unit, filename, line, lvalue);
5048 if (r < 0)
5049 continue;
5050
5051 for (;;) {
5052 _cleanup_free_ char *partition = NULL, *mount_options = NULL, *mount_options_resolved = NULL;
5053 MountOptions *o = NULL;
5054 PartitionDesignator partition_designator;
5055
5056 r = extract_many_words(&q, ":", EXTRACT_CUNESCAPE|EXTRACT_UNESCAPE_SEPARATORS, &partition, &mount_options, NULL);
5057 if (r == -ENOMEM)
5058 return log_oom();
5059 if (r < 0) {
5060 log_syntax(unit, LOG_WARNING, filename, line, r, "Invalid syntax, ignoring: %s", q);
5061 return 0;
5062 }
5063 if (r == 0)
5064 break;
5065 /* Single set of options, applying to the root partition/single filesystem */
5066 if (r == 1) {
5067 r = unit_full_printf(u, partition, &mount_options_resolved);
5068 if (r < 0) {
5069 log_syntax(unit, LOG_WARNING, filename, line, r, "Failed to resolve unit specifiers in %s, ignoring: %m", first);
5070 continue;
5071 }
5072
5073 o = new(MountOptions, 1);
5074 if (!o)
5075 return log_oom();
5076 *o = (MountOptions) {
5077 .partition_designator = PARTITION_ROOT,
5078 .options = TAKE_PTR(mount_options_resolved),
5079 };
5080 LIST_APPEND(mount_options, options, o);
5081
5082 break;
5083 }
5084
5085 partition_designator = partition_designator_from_string(partition);
5086 if (partition_designator < 0) {
5087 log_syntax(unit, LOG_WARNING, filename, line, partition_designator,
5088 "Invalid partition name %s, ignoring", partition);
5089 continue;
5090 }
5091 r = unit_full_printf(u, mount_options, &mount_options_resolved);
5092 if (r < 0) {
5093 log_syntax(unit, LOG_WARNING, filename, line, r, "Failed to resolve unit specifiers in %s, ignoring: %m", mount_options);
5094 continue;
5095 }
5096
5097 o = new(MountOptions, 1);
5098 if (!o)
5099 return log_oom();
5100 *o = (MountOptions) {
5101 .partition_designator = partition_designator,
5102 .options = TAKE_PTR(mount_options_resolved),
5103 };
5104 LIST_APPEND(mount_options, options, o);
5105 }
5106
5107 r = mount_image_add(&c->mount_images, &c->n_mount_images,
5108 &(MountImage) {
5109 .source = sresolved,
5110 .destination = dresolved,
5111 .mount_options = options,
5112 .ignore_enoent = permissive,
5113 .type = MOUNT_IMAGE_DISCRETE,
5114 });
5115 if (r < 0)
5116 return log_oom();
5117 }
5118 }
5119
5120 int config_parse_extension_images(
5121 const char *unit,
5122 const char *filename,
5123 unsigned line,
5124 const char *section,
5125 unsigned section_line,
5126 const char *lvalue,
5127 int ltype,
5128 const char *rvalue,
5129 void *data,
5130 void *userdata) {
5131
5132 ExecContext *c = data;
5133 const Unit *u = userdata;
5134 int r;
5135
5136 assert(filename);
5137 assert(lvalue);
5138 assert(rvalue);
5139 assert(data);
5140
5141 if (isempty(rvalue)) {
5142 /* Empty assignment resets the list */
5143 c->extension_images = mount_image_free_many(c->extension_images, &c->n_extension_images);
5144 return 0;
5145 }
5146
5147 for (const char *p = rvalue;;) {
5148 _cleanup_free_ char *source = NULL, *tuple = NULL, *sresolved = NULL;
5149 _cleanup_(mount_options_free_allp) MountOptions *options = NULL;
5150 bool permissive = false;
5151 const char *q = NULL;
5152 char *s = NULL;
5153
5154 r = extract_first_word(&p, &tuple, NULL, EXTRACT_UNQUOTE|EXTRACT_RETAIN_ESCAPE);
5155 if (r == -ENOMEM)
5156 return log_oom();
5157 if (r < 0) {
5158 log_syntax(unit, LOG_WARNING, filename, line, r,
5159 "Invalid syntax %s=%s, ignoring: %m", lvalue, rvalue);
5160 return 0;
5161 }
5162 if (r == 0)
5163 return 0;
5164
5165 q = tuple;
5166 r = extract_first_word(&q, &source, ":", EXTRACT_CUNESCAPE|EXTRACT_UNESCAPE_SEPARATORS);
5167 if (r == -ENOMEM)
5168 return log_oom();
5169 if (r < 0) {
5170 log_syntax(unit, LOG_WARNING, filename, line, r,
5171 "Invalid syntax in %s=, ignoring: %s", lvalue, tuple);
5172 return 0;
5173 }
5174 if (r == 0)
5175 continue;
5176
5177 s = source;
5178 if (s[0] == '-') {
5179 permissive = true;
5180 s++;
5181 }
5182
5183 r = unit_path_printf(u, s, &sresolved);
5184 if (r < 0) {
5185 log_syntax(unit, LOG_WARNING, filename, line, r,
5186 "Failed to resolve unit specifiers in \"%s\", ignoring: %m", s);
5187 continue;
5188 }
5189
5190 r = path_simplify_and_warn(sresolved, PATH_CHECK_ABSOLUTE, unit, filename, line, lvalue);
5191 if (r < 0)
5192 continue;
5193
5194 for (;;) {
5195 _cleanup_free_ char *partition = NULL, *mount_options = NULL, *mount_options_resolved = NULL;
5196 MountOptions *o = NULL;
5197 PartitionDesignator partition_designator;
5198
5199 r = extract_many_words(&q, ":", EXTRACT_CUNESCAPE|EXTRACT_UNESCAPE_SEPARATORS, &partition, &mount_options, NULL);
5200 if (r == -ENOMEM)
5201 return log_oom();
5202 if (r < 0) {
5203 log_syntax(unit, LOG_WARNING, filename, line, r, "Invalid syntax, ignoring: %s", q);
5204 return 0;
5205 }
5206 if (r == 0)
5207 break;
5208 /* Single set of options, applying to the root partition/single filesystem */
5209 if (r == 1) {
5210 r = unit_full_printf(u, partition, &mount_options_resolved);
5211 if (r < 0) {
5212 log_syntax(unit, LOG_WARNING, filename, line, r, "Failed to resolve unit specifiers in %s, ignoring: %m", partition);
5213 continue;
5214 }
5215
5216 o = new(MountOptions, 1);
5217 if (!o)
5218 return log_oom();
5219 *o = (MountOptions) {
5220 .partition_designator = PARTITION_ROOT,
5221 .options = TAKE_PTR(mount_options_resolved),
5222 };
5223 LIST_APPEND(mount_options, options, o);
5224
5225 break;
5226 }
5227
5228 partition_designator = partition_designator_from_string(partition);
5229 if (partition_designator < 0) {
5230 log_syntax(unit, LOG_WARNING, filename, line, 0, "Invalid partition name %s, ignoring", partition);
5231 continue;
5232 }
5233 r = unit_full_printf(u, mount_options, &mount_options_resolved);
5234 if (r < 0) {
5235 log_syntax(unit, LOG_WARNING, filename, line, r, "Failed to resolve unit specifiers in %s, ignoring: %m", mount_options);
5236 continue;
5237 }
5238
5239 o = new(MountOptions, 1);
5240 if (!o)
5241 return log_oom();
5242 *o = (MountOptions) {
5243 .partition_designator = partition_designator,
5244 .options = TAKE_PTR(mount_options_resolved),
5245 };
5246 LIST_APPEND(mount_options, options, o);
5247 }
5248
5249 r = mount_image_add(&c->extension_images, &c->n_extension_images,
5250 &(MountImage) {
5251 .source = sresolved,
5252 .mount_options = options,
5253 .ignore_enoent = permissive,
5254 .type = MOUNT_IMAGE_EXTENSION,
5255 });
5256 if (r < 0)
5257 return log_oom();
5258 }
5259 }
5260
5261 int config_parse_job_timeout_sec(
5262 const char* unit,
5263 const char *filename,
5264 unsigned line,
5265 const char *section,
5266 unsigned section_line,
5267 const char *lvalue,
5268 int ltype,
5269 const char *rvalue,
5270 void *data,
5271 void *userdata) {
5272
5273 Unit *u = data;
5274 usec_t usec;
5275 int r;
5276
5277 assert(filename);
5278 assert(lvalue);
5279 assert(rvalue);
5280 assert(u);
5281
5282 r = parse_sec_fix_0(rvalue, &usec);
5283 if (r < 0) {
5284 log_syntax(unit, LOG_WARNING, filename, line, r, "Failed to parse JobTimeoutSec= parameter, ignoring: %s", rvalue);
5285 return 0;
5286 }
5287
5288 /* If the user explicitly changed JobTimeoutSec= also change JobRunningTimeoutSec=, for compatibility with old
5289 * versions. If JobRunningTimeoutSec= was explicitly set, avoid this however as whatever the user picked should
5290 * count. */
5291
5292 if (!u->job_running_timeout_set)
5293 u->job_running_timeout = usec;
5294
5295 u->job_timeout = usec;
5296
5297 return 0;
5298 }
5299
5300 int config_parse_job_running_timeout_sec(
5301 const char* unit,
5302 const char *filename,
5303 unsigned line,
5304 const char *section,
5305 unsigned section_line,
5306 const char *lvalue,
5307 int ltype,
5308 const char *rvalue,
5309 void *data,
5310 void *userdata) {
5311
5312 Unit *u = data;
5313 usec_t usec;
5314 int r;
5315
5316 assert(filename);
5317 assert(lvalue);
5318 assert(rvalue);
5319 assert(u);
5320
5321 r = parse_sec_fix_0(rvalue, &usec);
5322 if (r < 0) {
5323 log_syntax(unit, LOG_WARNING, filename, line, r, "Failed to parse JobRunningTimeoutSec= parameter, ignoring: %s", rvalue);
5324 return 0;
5325 }
5326
5327 u->job_running_timeout = usec;
5328 u->job_running_timeout_set = true;
5329
5330 return 0;
5331 }
5332
5333 int config_parse_emergency_action(
5334 const char* unit,
5335 const char *filename,
5336 unsigned line,
5337 const char *section,
5338 unsigned section_line,
5339 const char *lvalue,
5340 int ltype,
5341 const char *rvalue,
5342 void *data,
5343 void *userdata) {
5344
5345 Manager *m = NULL;
5346 EmergencyAction *x = data;
5347 int r;
5348
5349 assert(filename);
5350 assert(lvalue);
5351 assert(rvalue);
5352 assert(data);
5353
5354 if (unit)
5355 m = ((Unit*) userdata)->manager;
5356 else
5357 m = data;
5358
5359 r = parse_emergency_action(rvalue, MANAGER_IS_SYSTEM(m), x);
5360 if (r < 0) {
5361 if (r == -EOPNOTSUPP && MANAGER_IS_USER(m)) {
5362 /* Compat mode: remove for systemd 241. */
5363
5364 log_syntax(unit, LOG_INFO, filename, line, r,
5365 "%s= in user mode specified as \"%s\", using \"exit-force\" instead.",
5366 lvalue, rvalue);
5367 *x = EMERGENCY_ACTION_EXIT_FORCE;
5368 return 0;
5369 }
5370
5371 if (r == -EOPNOTSUPP)
5372 log_syntax(unit, LOG_WARNING, filename, line, r,
5373 "%s= specified as %s mode action, ignoring: %s",
5374 lvalue, MANAGER_IS_SYSTEM(m) ? "user" : "system", rvalue);
5375 else
5376 log_syntax(unit, LOG_WARNING, filename, line, r,
5377 "Failed to parse %s=, ignoring: %s", lvalue, rvalue);
5378 return 0;
5379 }
5380
5381 return 0;
5382 }
5383
5384 int config_parse_pid_file(
5385 const char *unit,
5386 const char *filename,
5387 unsigned line,
5388 const char *section,
5389 unsigned section_line,
5390 const char *lvalue,
5391 int ltype,
5392 const char *rvalue,
5393 void *data,
5394 void *userdata) {
5395
5396 _cleanup_free_ char *k = NULL, *n = NULL;
5397 const Unit *u = userdata;
5398 char **s = data;
5399 int r;
5400
5401 assert(filename);
5402 assert(lvalue);
5403 assert(rvalue);
5404 assert(u);
5405
5406 if (isempty(rvalue)) {
5407 /* An empty assignment removes already set value. */
5408 *s = mfree(*s);
5409 return 0;
5410 }
5411
5412 r = unit_path_printf(u, rvalue, &k);
5413 if (r < 0) {
5414 log_syntax(unit, LOG_WARNING, filename, line, r, "Failed to resolve unit specifiers in '%s', ignoring: %m", rvalue);
5415 return 0;
5416 }
5417
5418 /* If this is a relative path make it absolute by prefixing the /run */
5419 n = path_make_absolute(k, u->manager->prefix[EXEC_DIRECTORY_RUNTIME]);
5420 if (!n)
5421 return log_oom();
5422
5423 /* Check that the result is a sensible path */
5424 r = path_simplify_and_warn(n, PATH_CHECK_ABSOLUTE, unit, filename, line, lvalue);
5425 if (r < 0)
5426 return r;
5427
5428 r = patch_var_run(unit, filename, line, lvalue, &n);
5429 if (r < 0)
5430 return r;
5431
5432 free_and_replace(*s, n);
5433 return 0;
5434 }
5435
5436 int config_parse_exit_status(
5437 const char *unit,
5438 const char *filename,
5439 unsigned line,
5440 const char *section,
5441 unsigned section_line,
5442 const char *lvalue,
5443 int ltype,
5444 const char *rvalue,
5445 void *data,
5446 void *userdata) {
5447
5448 int *exit_status = data, r;
5449 uint8_t u;
5450
5451 assert(filename);
5452 assert(lvalue);
5453 assert(rvalue);
5454 assert(exit_status);
5455
5456 if (isempty(rvalue)) {
5457 *exit_status = -1;
5458 return 0;
5459 }
5460
5461 r = safe_atou8(rvalue, &u);
5462 if (r < 0) {
5463 log_syntax(unit, LOG_WARNING, filename, line, r, "Failed to parse exit status '%s', ignoring: %m", rvalue);
5464 return 0;
5465 }
5466
5467 *exit_status = u;
5468 return 0;
5469 }
5470
5471 int config_parse_disable_controllers(
5472 const char *unit,
5473 const char *filename,
5474 unsigned line,
5475 const char *section,
5476 unsigned section_line,
5477 const char *lvalue,
5478 int ltype,
5479 const char *rvalue,
5480 void *data,
5481 void *userdata) {
5482
5483 int r;
5484 CGroupContext *c = data;
5485 CGroupMask disabled_mask;
5486
5487 /* 1. If empty, make all controllers eligible for use again.
5488 * 2. If non-empty, merge all listed controllers, space separated. */
5489
5490 if (isempty(rvalue)) {
5491 c->disable_controllers = 0;
5492 return 0;
5493 }
5494
5495 r = cg_mask_from_string(rvalue, &disabled_mask);
5496 if (r < 0 || disabled_mask <= 0) {
5497 log_syntax(unit, LOG_WARNING, filename, line, r, "Invalid cgroup string: %s, ignoring", rvalue);
5498 return 0;
5499 }
5500
5501 c->disable_controllers |= disabled_mask;
5502
5503 return 0;
5504 }
5505
5506 int config_parse_ip_filter_bpf_progs(
5507 const char *unit,
5508 const char *filename,
5509 unsigned line,
5510 const char *section,
5511 unsigned section_line,
5512 const char *lvalue,
5513 int ltype,
5514 const char *rvalue,
5515 void *data,
5516 void *userdata) {
5517
5518 _cleanup_free_ char *resolved = NULL;
5519 const Unit *u = userdata;
5520 char ***paths = data;
5521 int r;
5522
5523 assert(filename);
5524 assert(lvalue);
5525 assert(rvalue);
5526 assert(paths);
5527
5528 if (isempty(rvalue)) {
5529 *paths = strv_free(*paths);
5530 return 0;
5531 }
5532
5533 r = unit_path_printf(u, rvalue, &resolved);
5534 if (r < 0) {
5535 log_syntax(unit, LOG_WARNING, filename, line, r, "Failed to resolve unit specifiers in '%s', ignoring: %m", rvalue);
5536 return 0;
5537 }
5538
5539 r = path_simplify_and_warn(resolved, PATH_CHECK_ABSOLUTE, unit, filename, line, lvalue);
5540 if (r < 0)
5541 return 0;
5542
5543 if (strv_contains(*paths, resolved))
5544 return 0;
5545
5546 r = strv_extend(paths, resolved);
5547 if (r < 0)
5548 return log_oom();
5549
5550 r = bpf_firewall_supported();
5551 if (r < 0)
5552 return r;
5553 if (r != BPF_FIREWALL_SUPPORTED_WITH_MULTI) {
5554 static bool warned = false;
5555
5556 log_full(warned ? LOG_DEBUG : LOG_WARNING,
5557 "File %s:%u configures an IP firewall with BPF programs (%s=%s), but the local system does not support BPF/cgroup based firewalling with multiple filters.\n"
5558 "Starting this unit will fail! (This warning is only shown for the first loaded unit using IP firewalling.)", filename, line, lvalue, rvalue);
5559
5560 warned = true;
5561 }
5562
5563 return 0;
5564 }
5565
5566 int config_parse_bpf_foreign_program(
5567 const char *unit,
5568 const char *filename,
5569 unsigned line,
5570 const char *section,
5571 unsigned section_line,
5572 const char *lvalue,
5573 int ltype,
5574 const char *rvalue,
5575 void *data,
5576 void *userdata) {
5577 _cleanup_free_ char *resolved = NULL, *word = NULL;
5578 CGroupContext *c = data;
5579 Unit *u = userdata;
5580 int attach_type, r;
5581
5582 assert(filename);
5583 assert(lvalue);
5584 assert(rvalue);
5585
5586 if (isempty(rvalue)) {
5587 while (c->bpf_foreign_programs)
5588 cgroup_context_remove_bpf_foreign_program(c, c->bpf_foreign_programs);
5589
5590 return 0;
5591 }
5592
5593 r = extract_first_word(&rvalue, &word, ":", 0);
5594 if (r == -ENOMEM)
5595 return log_oom();
5596 if (r <= 0 || isempty(rvalue)) {
5597 log_syntax(unit, LOG_WARNING, filename, line, r, "Failed to parse foreign BPF program, ignoring: %s", rvalue);
5598 return 0;
5599 }
5600
5601 attach_type = bpf_cgroup_attach_type_from_string(word);
5602 if (attach_type < 0) {
5603 log_syntax(unit, LOG_WARNING, filename, line, 0, "Unknown BPF attach type=%s, ignoring: %s", word, rvalue);
5604 return 0;
5605 }
5606
5607 r = unit_path_printf(u, rvalue, &resolved);
5608 if (r < 0) {
5609 log_syntax(unit, LOG_WARNING, filename, line, r, "Failed to resolve unit specifiers in '%s', ignoring: %m", rvalue);
5610 return 0;
5611 }
5612
5613 r = path_simplify_and_warn(resolved, PATH_CHECK_ABSOLUTE, unit, filename, line, lvalue);
5614 if (r < 0)
5615 return 0;
5616
5617 r = cgroup_add_bpf_foreign_program(c, attach_type, resolved);
5618 if (r < 0)
5619 return log_error_errno(r, "Failed to add foreign BPF program to cgroup context: %m");
5620
5621 return 0;
5622 }
5623
5624 int config_parse_cgroup_socket_bind(
5625 const char *unit,
5626 const char *filename,
5627 unsigned line,
5628 const char *section,
5629 unsigned section_line,
5630 const char *lvalue,
5631 int ltype,
5632 const char *rvalue,
5633 void *data,
5634 void *userdata) {
5635 _cleanup_free_ CGroupSocketBindItem *item = NULL;
5636 const char *user_port;
5637 uint16_t nr_ports = 0, port_min = 0;
5638 CGroupSocketBindItem **head = data;
5639 _cleanup_free_ char *word = NULL;
5640 int af, r;
5641
5642 if (isempty(rvalue)) {
5643 cgroup_context_remove_socket_bind(head);
5644 return 0;
5645 }
5646
5647 r = extract_first_word(&rvalue, &word, ":", 0);
5648 if (r == -ENOMEM)
5649 return log_oom();
5650 if (r <= 0) {
5651 log_syntax(unit, LOG_WARNING, filename, line, r,
5652 "Unable to parse %s= assignment, ignoring: %s", lvalue, rvalue);
5653 return 0;
5654 }
5655
5656 if (rvalue) {
5657 af = af_from_ipv4_ipv6(word);
5658 if (af == AF_UNSPEC) {
5659 log_syntax(unit, LOG_WARNING, filename, line, 0,
5660 "Only \"ipv4\" and \"ipv6\" protocols are supported, ignoring.");
5661 return 0;
5662 }
5663
5664 user_port = rvalue;
5665 } else {
5666 af = AF_UNSPEC;
5667 user_port = word;
5668 }
5669
5670 if (!streq(user_port, "any")) {
5671 uint16_t port_max;
5672
5673 r = parse_ip_port_range(user_port, &port_min, &port_max);
5674 if (r == -ENOMEM)
5675 return log_oom();
5676 if (r < 0) {
5677 log_syntax(unit, LOG_WARNING, filename, line, r,
5678 "Invalid port or port range, ignoring: %m");
5679 return 0;
5680 }
5681
5682 nr_ports = 1 + port_max - port_min;
5683 }
5684
5685 item = new(CGroupSocketBindItem, 1);
5686 if (!item)
5687 return log_oom();
5688 *item = (CGroupSocketBindItem) {
5689 .address_family = af,
5690 .nr_ports = nr_ports,
5691 .port_min = port_min,
5692 };
5693
5694 LIST_PREPEND(socket_bind_items, *head, TAKE_PTR(item));
5695
5696 return 0;
5697 }
5698
5699 static int merge_by_names(Unit **u, Set *names, const char *id) {
5700 char *k;
5701 int r;
5702
5703 assert(u);
5704 assert(*u);
5705
5706 /* Let's try to add in all names that are aliases of this unit */
5707 while ((k = set_steal_first(names))) {
5708 _cleanup_free_ _unused_ char *free_k = k;
5709
5710 /* First try to merge in the other name into our unit */
5711 r = unit_merge_by_name(*u, k);
5712 if (r < 0) {
5713 Unit *other;
5714
5715 /* Hmm, we couldn't merge the other unit into ours? Then let's try it the other way
5716 * round. */
5717
5718 other = manager_get_unit((*u)->manager, k);
5719 if (!other)
5720 return r; /* return previous failure */
5721
5722 r = unit_merge(other, *u);
5723 if (r < 0)
5724 return r;
5725
5726 *u = other;
5727 return merge_by_names(u, names, NULL);
5728 }
5729
5730 if (streq_ptr(id, k))
5731 unit_choose_id(*u, id);
5732 }
5733
5734 return 0;
5735 }
5736
5737 int unit_load_fragment(Unit *u) {
5738 const char *fragment;
5739 _cleanup_set_free_free_ Set *names = NULL;
5740 int r;
5741
5742 assert(u);
5743 assert(u->load_state == UNIT_STUB);
5744 assert(u->id);
5745
5746 if (u->transient) {
5747 u->load_state = UNIT_LOADED;
5748 return 0;
5749 }
5750
5751 /* Possibly rebuild the fragment map to catch new units */
5752 r = unit_file_build_name_map(&u->manager->lookup_paths,
5753 &u->manager->unit_cache_timestamp_hash,
5754 &u->manager->unit_id_map,
5755 &u->manager->unit_name_map,
5756 &u->manager->unit_path_cache);
5757 if (r < 0)
5758 return log_error_errno(r, "Failed to rebuild name map: %m");
5759
5760 r = unit_file_find_fragment(u->manager->unit_id_map,
5761 u->manager->unit_name_map,
5762 u->id,
5763 &fragment,
5764 &names);
5765 if (r < 0 && r != -ENOENT)
5766 return r;
5767
5768 if (fragment) {
5769 /* Open the file, check if this is a mask, otherwise read. */
5770 _cleanup_fclose_ FILE *f = NULL;
5771 struct stat st;
5772
5773 /* Try to open the file name. A symlink is OK, for example for linked files or masks. We
5774 * expect that all symlinks within the lookup paths have been already resolved, but we don't
5775 * verify this here. */
5776 f = fopen(fragment, "re");
5777 if (!f)
5778 return log_unit_notice_errno(u, errno, "Failed to open %s: %m", fragment);
5779
5780 if (fstat(fileno(f), &st) < 0)
5781 return -errno;
5782
5783 r = free_and_strdup(&u->fragment_path, fragment);
5784 if (r < 0)
5785 return r;
5786
5787 if (null_or_empty(&st)) {
5788 /* Unit file is masked */
5789
5790 u->load_state = u->perpetual ? UNIT_LOADED : UNIT_MASKED; /* don't allow perpetual units to ever be masked */
5791 u->fragment_mtime = 0;
5792 } else {
5793 u->load_state = UNIT_LOADED;
5794 u->fragment_mtime = timespec_load(&st.st_mtim);
5795
5796 /* Now, parse the file contents */
5797 r = config_parse(u->id, fragment, f,
5798 UNIT_VTABLE(u)->sections,
5799 config_item_perf_lookup, load_fragment_gperf_lookup,
5800 0,
5801 u,
5802 NULL);
5803 if (r == -ENOEXEC)
5804 log_unit_notice_errno(u, r, "Unit configuration has fatal error, unit will not be started.");
5805 if (r < 0)
5806 return r;
5807 }
5808 }
5809
5810 /* Call merge_by_names with the name derived from the fragment path as the preferred name.
5811 *
5812 * We do the merge dance here because for some unit types, the unit might have aliases which are not
5813 * declared in the file system. In particular, this is true (and frequent) for device and swap units.
5814 */
5815 const char *id = u->id;
5816 _cleanup_free_ char *free_id = NULL;
5817
5818 if (fragment) {
5819 id = basename(fragment);
5820 if (unit_name_is_valid(id, UNIT_NAME_TEMPLATE)) {
5821 assert(u->instance); /* If we're not trying to use a template for non-instanced unit,
5822 * this must be set. */
5823
5824 r = unit_name_replace_instance(id, u->instance, &free_id);
5825 if (r < 0)
5826 return log_debug_errno(r, "Failed to build id (%s + %s): %m", id, u->instance);
5827 id = free_id;
5828 }
5829 }
5830
5831 Unit *merged = u;
5832 r = merge_by_names(&merged, names, id);
5833 if (r < 0)
5834 return r;
5835
5836 if (merged != u)
5837 u->load_state = UNIT_MERGED;
5838
5839 return 0;
5840 }
5841
5842 void unit_dump_config_items(FILE *f) {
5843 static const struct {
5844 const ConfigParserCallback callback;
5845 const char *rvalue;
5846 } table[] = {
5847 { config_parse_warn_compat, "NOTSUPPORTED" },
5848 { config_parse_int, "INTEGER" },
5849 { config_parse_unsigned, "UNSIGNED" },
5850 { config_parse_iec_size, "SIZE" },
5851 { config_parse_iec_uint64, "SIZE" },
5852 { config_parse_si_uint64, "SIZE" },
5853 { config_parse_bool, "BOOLEAN" },
5854 { config_parse_string, "STRING" },
5855 { config_parse_path, "PATH" },
5856 { config_parse_unit_path_printf, "PATH" },
5857 { config_parse_strv, "STRING [...]" },
5858 { config_parse_exec_nice, "NICE" },
5859 { config_parse_exec_oom_score_adjust, "OOMSCOREADJUST" },
5860 { config_parse_exec_io_class, "IOCLASS" },
5861 { config_parse_exec_io_priority, "IOPRIORITY" },
5862 { config_parse_exec_cpu_sched_policy, "CPUSCHEDPOLICY" },
5863 { config_parse_exec_cpu_sched_prio, "CPUSCHEDPRIO" },
5864 { config_parse_exec_cpu_affinity, "CPUAFFINITY" },
5865 { config_parse_mode, "MODE" },
5866 { config_parse_unit_env_file, "FILE" },
5867 { config_parse_exec_output, "OUTPUT" },
5868 { config_parse_exec_input, "INPUT" },
5869 { config_parse_log_facility, "FACILITY" },
5870 { config_parse_log_level, "LEVEL" },
5871 { config_parse_exec_secure_bits, "SECUREBITS" },
5872 { config_parse_capability_set, "BOUNDINGSET" },
5873 { config_parse_rlimit, "LIMIT" },
5874 { config_parse_unit_deps, "UNIT [...]" },
5875 { config_parse_exec, "PATH [ARGUMENT [...]]" },
5876 { config_parse_service_type, "SERVICETYPE" },
5877 { config_parse_service_exit_type, "SERVICEEXITTYPE" },
5878 { config_parse_service_restart, "SERVICERESTART" },
5879 { config_parse_service_timeout_failure_mode, "TIMEOUTMODE" },
5880 { config_parse_kill_mode, "KILLMODE" },
5881 { config_parse_signal, "SIGNAL" },
5882 { config_parse_socket_listen, "SOCKET [...]" },
5883 { config_parse_socket_bind, "SOCKETBIND" },
5884 { config_parse_socket_bindtodevice, "NETWORKINTERFACE" },
5885 { config_parse_sec, "SECONDS" },
5886 { config_parse_nsec, "NANOSECONDS" },
5887 { config_parse_namespace_path_strv, "PATH [...]" },
5888 { config_parse_bind_paths, "PATH[:PATH[:OPTIONS]] [...]" },
5889 { config_parse_unit_requires_mounts_for, "PATH [...]" },
5890 { config_parse_exec_mount_flags, "MOUNTFLAG [...]" },
5891 { config_parse_unit_string_printf, "STRING" },
5892 { config_parse_trigger_unit, "UNIT" },
5893 { config_parse_timer, "TIMER" },
5894 { config_parse_path_spec, "PATH" },
5895 { config_parse_notify_access, "ACCESS" },
5896 { config_parse_ip_tos, "TOS" },
5897 { config_parse_unit_condition_path, "CONDITION" },
5898 { config_parse_unit_condition_string, "CONDITION" },
5899 { config_parse_unit_slice, "SLICE" },
5900 { config_parse_documentation, "URL" },
5901 { config_parse_service_timeout, "SECONDS" },
5902 { config_parse_emergency_action, "ACTION" },
5903 { config_parse_set_status, "STATUS" },
5904 { config_parse_service_sockets, "SOCKETS" },
5905 { config_parse_environ, "ENVIRON" },
5906 #if HAVE_SECCOMP
5907 { config_parse_syscall_filter, "SYSCALLS" },
5908 { config_parse_syscall_archs, "ARCHS" },
5909 { config_parse_syscall_errno, "ERRNO" },
5910 { config_parse_syscall_log, "SYSCALLS" },
5911 { config_parse_address_families, "FAMILIES" },
5912 { config_parse_restrict_namespaces, "NAMESPACES" },
5913 #endif
5914 { config_parse_cpu_shares, "SHARES" },
5915 { config_parse_cg_weight, "WEIGHT" },
5916 { config_parse_memory_limit, "LIMIT" },
5917 { config_parse_device_allow, "DEVICE" },
5918 { config_parse_device_policy, "POLICY" },
5919 { config_parse_io_limit, "LIMIT" },
5920 { config_parse_io_device_weight, "DEVICEWEIGHT" },
5921 { config_parse_io_device_latency, "DEVICELATENCY" },
5922 { config_parse_blockio_bandwidth, "BANDWIDTH" },
5923 { config_parse_blockio_weight, "WEIGHT" },
5924 { config_parse_blockio_device_weight, "DEVICEWEIGHT" },
5925 { config_parse_long, "LONG" },
5926 { config_parse_socket_service, "SERVICE" },
5927 #if HAVE_SELINUX
5928 { config_parse_exec_selinux_context, "LABEL" },
5929 #endif
5930 { config_parse_job_mode, "MODE" },
5931 { config_parse_job_mode_isolate, "BOOLEAN" },
5932 { config_parse_personality, "PERSONALITY" },
5933 };
5934
5935 const char *prev = NULL;
5936 const char *i;
5937
5938 assert(f);
5939
5940 NULSTR_FOREACH(i, load_fragment_gperf_nulstr) {
5941 const char *rvalue = "OTHER", *lvalue;
5942 const ConfigPerfItem *p;
5943 const char *dot;
5944
5945 assert_se(p = load_fragment_gperf_lookup(i, strlen(i)));
5946
5947 /* Hide legacy settings */
5948 if (p->parse == config_parse_warn_compat &&
5949 p->ltype == DISABLED_LEGACY)
5950 continue;
5951
5952 for (size_t j = 0; j < ELEMENTSOF(table); j++)
5953 if (p->parse == table[j].callback) {
5954 rvalue = table[j].rvalue;
5955 break;
5956 }
5957
5958 dot = strchr(i, '.');
5959 lvalue = dot ? dot + 1 : i;
5960
5961 if (dot) {
5962 size_t prefix_len = dot - i;
5963
5964 if (!prev || !strneq(prev, i, prefix_len+1)) {
5965 if (prev)
5966 fputc('\n', f);
5967
5968 fprintf(f, "[%.*s]\n", (int) prefix_len, i);
5969 }
5970 }
5971
5972 fprintf(f, "%s=%s\n", lvalue, rvalue);
5973 prev = i;
5974 }
5975 }
5976
5977 int config_parse_cpu_affinity2(
5978 const char *unit,
5979 const char *filename,
5980 unsigned line,
5981 const char *section,
5982 unsigned section_line,
5983 const char *lvalue,
5984 int ltype,
5985 const char *rvalue,
5986 void *data,
5987 void *userdata) {
5988
5989 CPUSet *affinity = data;
5990
5991 assert(affinity);
5992
5993 (void) parse_cpu_set_extend(rvalue, affinity, true, unit, filename, line, lvalue);
5994
5995 return 0;
5996 }
5997
5998 int config_parse_show_status(
5999 const char* unit,
6000 const char *filename,
6001 unsigned line,
6002 const char *section,
6003 unsigned section_line,
6004 const char *lvalue,
6005 int ltype,
6006 const char *rvalue,
6007 void *data,
6008 void *userdata) {
6009
6010 int k;
6011 ShowStatus *b = data;
6012
6013 assert(filename);
6014 assert(lvalue);
6015 assert(rvalue);
6016 assert(data);
6017
6018 k = parse_show_status(rvalue, b);
6019 if (k < 0)
6020 log_syntax(unit, LOG_WARNING, filename, line, k, "Failed to parse show status setting, ignoring: %s", rvalue);
6021
6022 return 0;
6023 }
6024
6025 int config_parse_output_restricted(
6026 const char* unit,
6027 const char *filename,
6028 unsigned line,
6029 const char *section,
6030 unsigned section_line,
6031 const char *lvalue,
6032 int ltype,
6033 const char *rvalue,
6034 void *data,
6035 void *userdata) {
6036
6037 ExecOutput t, *eo = data;
6038 bool obsolete = false;
6039
6040 assert(filename);
6041 assert(lvalue);
6042 assert(rvalue);
6043 assert(data);
6044
6045 if (streq(rvalue, "syslog")) {
6046 t = EXEC_OUTPUT_JOURNAL;
6047 obsolete = true;
6048 } else if (streq(rvalue, "syslog+console")) {
6049 t = EXEC_OUTPUT_JOURNAL_AND_CONSOLE;
6050 obsolete = true;
6051 } else {
6052 t = exec_output_from_string(rvalue);
6053 if (t < 0) {
6054 log_syntax(unit, LOG_WARNING, filename, line, t, "Failed to parse output type, ignoring: %s", rvalue);
6055 return 0;
6056 }
6057
6058 if (IN_SET(t, EXEC_OUTPUT_SOCKET, EXEC_OUTPUT_NAMED_FD, EXEC_OUTPUT_FILE, EXEC_OUTPUT_FILE_APPEND, EXEC_OUTPUT_FILE_TRUNCATE)) {
6059 log_syntax(unit, LOG_WARNING, filename, line, 0, "Standard output types socket, fd:, file:, append:, truncate: are not supported as defaults, ignoring: %s", rvalue);
6060 return 0;
6061 }
6062 }
6063
6064 if (obsolete)
6065 log_syntax(unit, LOG_NOTICE, filename, line, 0,
6066 "Standard output type %s is obsolete, automatically updating to %s. Please update your configuration.",
6067 rvalue, exec_output_to_string(t));
6068
6069 *eo = t;
6070 return 0;
6071 }
6072
6073 int config_parse_crash_chvt(
6074 const char* unit,
6075 const char *filename,
6076 unsigned line,
6077 const char *section,
6078 unsigned section_line,
6079 const char *lvalue,
6080 int ltype,
6081 const char *rvalue,
6082 void *data,
6083 void *userdata) {
6084
6085 int r;
6086
6087 assert(filename);
6088 assert(lvalue);
6089 assert(rvalue);
6090 assert(data);
6091
6092 r = parse_crash_chvt(rvalue, data);
6093 if (r < 0)
6094 log_syntax(unit, LOG_WARNING, filename, line, r, "Failed to parse CrashChangeVT= setting, ignoring: %s", rvalue);
6095
6096 return 0;
6097 }
6098
6099 int config_parse_swap_priority(
6100 const char *unit,
6101 const char *filename,
6102 unsigned line,
6103 const char *section,
6104 unsigned section_line,
6105 const char *lvalue,
6106 int ltype,
6107 const char *rvalue,
6108 void *data,
6109 void *userdata) {
6110
6111 Swap *s = userdata;
6112 int r, priority;
6113
6114 assert(s);
6115 assert(filename);
6116 assert(lvalue);
6117 assert(rvalue);
6118 assert(data);
6119
6120 if (isempty(rvalue)) {
6121 s->parameters_fragment.priority = -1;
6122 s->parameters_fragment.priority_set = false;
6123 return 0;
6124 }
6125
6126 r = safe_atoi(rvalue, &priority);
6127 if (r < 0) {
6128 log_syntax(unit, LOG_WARNING, filename, line, r, "Invalid swap priority '%s', ignoring.", rvalue);
6129 return 0;
6130 }
6131
6132 if (priority < -1) {
6133 log_syntax(unit, LOG_WARNING, filename, line, 0, "Sorry, swap priorities smaller than -1 may only be assigned by the kernel itself, ignoring: %s", rvalue);
6134 return 0;
6135 }
6136
6137 if (priority > 32767) {
6138 log_syntax(unit, LOG_WARNING, filename, line, 0, "Swap priority out of range, ignoring: %s", rvalue);
6139 return 0;
6140 }
6141
6142 s->parameters_fragment.priority = priority;
6143 s->parameters_fragment.priority_set = true;
6144 return 0;
6145 }
Unnamed repository; edit this file 'description' to name the repository.